Request for help cleaning an infected PC!!!
Hello, I think my computer is infected.
I have already run quite a few scans, which found Trojans and viruses/worms. Many of them were deleted.
However, I still have some problems, because I cannot run a search on the web, type in an address, or even pick a site from my favorites.
Yesterday I found where the problem was (at least I suppose so): aliceeadsl.exe, located in system32. When I delete this file, it immediately reappears in the folder.
How can I delete it???
Thanks
You can retry your antivirus scan, or otherwise just format everything, because then at least you can be sure it won't come back.
You can also go here: http://www.hijackthis.de/fr
It's a program that lets you see which files on your PC are bad. At least then you'll know for sure.
I saw requests for Bitdefender reports in other discussions! So here is mine, in case it helps!!
I CANNOT FORMAT MY COMPUTER
BitDefender Online Scanner
Rapport d'analyse généré à: Mon, Apr 21, 2008 - 17:32:28
Voie d'analyse: C:\;D:\;E:\;
Statistiques
Temps: 00:47:42
Fichiers: 117032
Directoires: 7071
Secteurs de boot: 3
Archives: 1207
Paquets programmes: 15260
Résultats
Virus identifiés: 10
Fichiers infectés: 59
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 59
Info sur les moteurs
Définition virus: 1169013
Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins: 16
Archive des plugins: 41
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 5
Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui
Fichier analysé
Statut
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046519.exe
Détecté avec: Adware.Navipromo.BYT
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046519.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046519.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046520.exe
Détecté avec: Adware.Navipromo.BYT
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046520.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046520.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046522.exe
Détecté avec: Adware.Navipromo.BYT
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046522.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046522.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046524.exe
Détecté avec: Adware.Navipromo.BYT
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046524.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046524.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046526.exe
Détecté avec: Adware.Navipromo.BYT
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046526.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046526.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046527.exe
Détecté avec: Adware.Slagent.FQ
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046527.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046529.exe
Détecté avec: Adware.Navipromo.BYT
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046529.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046529.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046530.exe
Détecté avec: Adware.Navipromo.BYT
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046530.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046530.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046531.exe
Détecté avec: Adware.Navipromo.BYT
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046531.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046531.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046532.exe
Détecté avec: Adware.Navipromo.BYT
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046532.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046532.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP365\A0046770.dll
Infecté par: Trojan.Vundo.EGX
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP365\A0046770.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048908.dll
Infecté par: Trojan.Vundo.EGW
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048908.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048909.dll
Infecté par: Trojan.Vundo.EGN
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048909.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048910.dll
Infecté par: Trojan.Vundo.EGN
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048910.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048912.dll
Infecté par: Trojan.Vundo.EGN
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048912.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048913.dll
Infecté par: Trojan.Vundo.EGW
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048913.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048914.dll
Infecté par: Trojan.Vundo.EGW
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048914.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048915.dll
Infecté par: Trojan.Vundo.EGN
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048915.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048916.dll
Infecté par: Trojan.Vundo.EGW
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048916.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048917.dll
Infecté par: Trojan.Vundo.EGN
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048917.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048918.dll
Infecté par: Trojan.Vundo.EGN
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048918.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048919.dll
Infecté par: Trojan.Vundo.EGX
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048919.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048920.dll
Infecté par: Trojan.Vundo.EGN
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048920.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048921.dll
Infecté par: Trojan.Vundo.EGW
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048921.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048922.dll
Infecté par: Trojan.Vundo.EGN
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048922.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048923.dll
Infecté par: Trojan.Vundo.EGW
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048923.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048924.dll
Infecté par: Trojan.Vundo.EGN
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048924.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048929.dll
Infecté par: Trojan.Vundo.EGN
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048929.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048930.dll
Infecté par: Trojan.Vundo.EGW
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048930.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048931.dll
Infecté par: Trojan.Vundo.EGW
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048931.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048932.dll
Infecté par: Trojan.Vundo.EGN
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048932.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048933.dll
Infecté par: Trojan.Vundo.GK
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048933.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048934.dll
Infecté par: Trojan.Vundo.EGW
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048934.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048935.dll
Infecté par: Trojan.Vundo.GK
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048935.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048936.dll
Infecté par: Trojan.Vundo.EGW
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048936.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048937.dll
Infecté par: Trojan.Vundo.EGW
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048937.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP367\A0049956.dll
Infecté par: Trojan.Vundo.EHH
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP367\A0049956.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP368\A0050064.dll
Infecté par: Trojan.Vundo.EHH
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP368\A0050064.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP368\A0050066.dll
Détecté avec: Adware.Virtumonde.GIM
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP368\A0050066.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056321.exe
Infecté par: Packer.Malware.Crypter.C
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056321.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056321.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056324.exe
Infecté par: Packer.Malware.Crypter.C
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056324.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056324.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056325.exe
Infecté par: Packer.Malware.Crypter.C
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056325.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056325.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056326.exe
Infecté par: Packer.Malware.Crypter.C
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056326.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056326.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056327.exe
Infecté par: Packer.Malware.Crypter.C
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056327.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056327.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056328.exe
Infecté par: Packer.Malware.Crypter.C
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056328.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056328.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056329.exe
Infecté par: Packer.Malware.Crypter.C
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056329.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056329.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056330.exe
Infecté par: Packer.Malware.Crypter.C
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056330.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056330.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056331.exe
Infecté par: Packer.Malware.Crypter.C
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056331.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056331.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056332.exe
Infecté par: Packer.Malware.Crypter.C
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056332.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056332.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056333.exe
Infecté par: Packer.Malware.Crypter.C
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056333.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056333.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056334.exe
Infecté par: Packer.Malware.Crypter.C
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056334.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056334.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056335.exe
Infecté par: Packer.Malware.Crypter.C
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056335.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056335.exe
Supprimé
C:\WINDOWS\system32\ajqldwvv.dll
Infecté par: Trojan.Vundo.GK
C:\WINDOWS\system32\ajqldwvv.dll
Supprimé
C:\WINDOWS\system32\aliceeadsl.exe
Infecté par: Packer.Malware.Crypter.C
C:\WINDOWS\system32\aliceeadsl.exe
Echec de la désinfection
C:\WINDOWS\system32\aliceeadsl.exe
Supprimé
C:\WINDOWS\system32\cvqhftrv.dll
Infecté par: Trojan.Vundo.EHH
C:\WINDOWS\system32\cvqhftrv.dll
Supprimé
C:\WINDOWS\system32\gfnsugyl.dll
Infecté par: Trojan.Vundo.GK
C:\WINDOWS\system32\gfnsugyl.dll
Supprimé
C:\WINDOWS\system32\ihhexpkw.dll
Infecté par: Trojan.Vundo.EGU
C:\WINDOWS\system32\ihhexpkw.dll
Supprimé
C:\WINDOWS\system32\mnsgcmvu.dll
Infecté par: Trojan.Vundo.GK
C:\WINDOWS\system32\mnsgcmvu.dll
Supprimé
C:\WINDOWS\system32\priyigau.dll
Infecté par: Trojan.Vundo.EGU
C:\WINDOWS\system32\priyigau.dll
Supprimé
IMPOSSIBLE DE LE FORMATER MON ORDI
BitDefender Online Scanner
Rapport d'analyse généré à: Mon, Apr 21, 2008 - 17:32:28
Voie d'analyse: C:\;D:\;E:\;
Statistiques
Temps
00:47:42
Fichiers
117032
Directoires
7071
Secteurs de boot
3
Archives
1207
Paquets programmes
15260
Résultats
Virus identifiés
10
Fichiers infectés
59
Fichiers suspects
0
Avertissements
0
Désinfectés
0
Fichiers effacés
59
Info sur les moteurs
Définition virus
1169013
Version des moteurs
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins
16
Archive des plugins
41
Unpack des plugins
7
E-mail plugins
6
Système plugins
5
Paramètres d'analyse
Première action
Désinfecté
Seconde Action
Supprimé
Heuristique
Oui
Acceptez les avertissements
Oui
Extensions analysées
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions
Analyse d'emails
Oui
Analyse des Archives
Oui
Analyser paquets programmes
Oui
Analyse des fichiers
Oui
Analyse de boot
Oui
Fichier analysé
Statut
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046519.exe
Détecté avec: Adware.Navipromo.BYT
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046519.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046519.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046520.exe
Détecté avec: Adware.Navipromo.BYT
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046520.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046520.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046522.exe
Détecté avec: Adware.Navipromo.BYT
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046522.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046522.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046524.exe
Détecté avec: Adware.Navipromo.BYT
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046524.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046524.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046526.exe
Détecté avec: Adware.Navipromo.BYT
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046526.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046526.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046527.exe
Détecté avec: Adware.Slagent.FQ
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046527.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046529.exe
Détecté avec: Adware.Navipromo.BYT
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046529.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046529.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046530.exe
Détecté avec: Adware.Navipromo.BYT
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046530.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046530.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046531.exe
Détecté avec: Adware.Navipromo.BYT
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046531.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046531.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046532.exe
Détecté avec: Adware.Navipromo.BYT
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046532.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046532.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP365\A0046770.dll
Infecté par: Trojan.Vundo.EGX
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP365\A0046770.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048908.dll
Infecté par: Trojan.Vundo.EGW
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048908.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048909.dll
Infecté par: Trojan.Vundo.EGN
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048909.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048910.dll
Infecté par: Trojan.Vundo.EGN
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048910.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048912.dll
Infecté par: Trojan.Vundo.EGN
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048912.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048913.dll
Infecté par: Trojan.Vundo.EGW
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048913.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048914.dll
Infecté par: Trojan.Vundo.EGW
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048914.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048915.dll
Infecté par: Trojan.Vundo.EGN
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048915.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048916.dll
Infecté par: Trojan.Vundo.EGW
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048916.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048917.dll
Infecté par: Trojan.Vundo.EGN
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048917.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048918.dll
Infecté par: Trojan.Vundo.EGN
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048918.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048919.dll
Infecté par: Trojan.Vundo.EGX
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048919.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048920.dll
Infecté par: Trojan.Vundo.EGN
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048920.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048921.dll
Infecté par: Trojan.Vundo.EGW
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048921.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048922.dll
Infecté par: Trojan.Vundo.EGN
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048922.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048923.dll
Infecté par: Trojan.Vundo.EGW
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048923.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048924.dll
Infecté par: Trojan.Vundo.EGN
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048924.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048929.dll
Infecté par: Trojan.Vundo.EGN
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048929.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048930.dll
Infecté par: Trojan.Vundo.EGW
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048930.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048931.dll
Infecté par: Trojan.Vundo.EGW
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048931.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048932.dll
Infecté par: Trojan.Vundo.EGN
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048932.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048933.dll
Infecté par: Trojan.Vundo.GK
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048933.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048934.dll
Infecté par: Trojan.Vundo.EGW
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048934.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048935.dll
Infecté par: Trojan.Vundo.GK
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048935.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048936.dll
Infecté par: Trojan.Vundo.EGW
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048936.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048937.dll
Infecté par: Trojan.Vundo.EGW
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0048937.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP367\A0049956.dll
Infecté par: Trojan.Vundo.EHH
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP367\A0049956.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP368\A0050064.dll
Infecté par: Trojan.Vundo.EHH
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP368\A0050064.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP368\A0050066.dll
Détecté avec: Adware.Virtumonde.GIM
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP368\A0050066.dll
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056321.exe
Infecté par: Packer.Malware.Crypter.C
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056321.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056321.exe
Supprimé
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056324.exe
Infecté par: Packer.Malware.Crypter.C
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056324.exe
Echec de la désinfection
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0056324.exe
Supprimé
C:\WINDOWS\system32\ajqldwvv.dll
Infecté par: Trojan.Vundo.GK
C:\WINDOWS\system32\ajqldwvv.dll
Supprimé
C:\WINDOWS\system32\aliceeadsl.exe
Infecté par: Packer.Malware.Crypter.C
C:\WINDOWS\system32\aliceeadsl.exe
Echec de la désinfection
C:\WINDOWS\system32\aliceeadsl.exe
Supprimé
C:\WINDOWS\system32\cvqhftrv.dll
Infecté par: Trojan.Vundo.EHH
C:\WINDOWS\system32\cvqhftrv.dll
Supprimé
C:\WINDOWS\system32\gfnsugyl.dll
Infecté par: Trojan.Vundo.GK
C:\WINDOWS\system32\gfnsugyl.dll
Supprimé
C:\WINDOWS\system32\ihhexpkw.dll
Infecté par: Trojan.Vundo.EGU
C:\WINDOWS\system32\ihhexpkw.dll
Supprimé
C:\WINDOWS\system32\mnsgcmvu.dll
Infecté par: Trojan.Vundo.GK
C:\WINDOWS\system32\mnsgcmvu.dll
Supprimé
C:\WINDOWS\system32\priyigau.dll
Infecté par: Trojan.Vundo.EGU
C:\WINDOWS\system32\priyigau.dll
Supprimé
Here is my report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:43, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\aliceeadsl.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://messenger.live.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\MARJOL~1\LOCALS~1\Temp\winlogan.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [BMf39960b2] Rundll32.exe "C:\WINDOWS\system32\rvpvimuj.dll",s
O4 - HKLM\..\RunOnce: [*aliceeadsl] C:\WINDOWS\system32\aliceeadsl.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [aliceeadsl] C:\WINDOWS\system32\aliceeadsl.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\MARJOL~1\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\MARJOL~1\LOCALS~1\Temp\winlogan.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinPrint.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Security Service] NTSecurity.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_01] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlpo_01] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.ca...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{121D9ABD-048B-47EE-BD35-3DCCDF8211A8}: NameServer = 192.168.0.254
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SolidWorks Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 14178 bytes
Re,
Download SDFix (by Andy Manchesta)
Save it to your desktop.
Run it.
Click Install so that it can extract itself.
Restart in Safe Mode
/!\ Never boot into Safe Mode via MSCONFIG /!\
Open the SDFix folder that has just been created in C:\
Double-click RunThis.bat. (The .bat extension may not be shown.)
Press Y to start it.
You will be asked to press a key to restart; do so.
The restart will probably take a little longer than usual.
Once your desktop appears, it will display Finished
Press a key.
A report is generated; post it in your reply.
It can also be found in the SDFix folder: >Report.txt<
******
Download Combofix (by sUBs) to your desktop. (Tutorial)
Temporarily disable all resident protection! (Antivirus, antispyware, etc.)
Double-click combofix.exe.
Accept the license by clicking Yes.
When the scan is complete, a report will appear. Post that report in your next reply.
The report is located here: C:\Combofix.txt
HERE IS THE SDFIX REPORT FIRST
I hope it is OK, because while it was running a Subsystem window told me: D: /programfiles/avast/aswmondvd.dll Initialization of the DLL of an installable device driver failed !!!
Also, in addition to aliceeadsl, as I told you at the very beginning, there is Rvpvimuj.dll in system32, which is infected (I constantly get an alert message), but it is impossible to delete this file !!
Right, on to the next step !!
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\yeTyezzd.sys - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 22:56:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex
9,2d,0d,df,a5,d0,39,a6,d5,74,21,20,4b,cd,92,3f,42,a4,2d,ef,ac,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,2a,8d,07,35,73,f4,c0,16,7e,9d,78,58,5a,ce,d5,94,0c,..
"khjeh"=hex:f8,00,b1,32,0c,d4,d4,be,0b,53,38,11,09,fb,bd,f1,38,a2,42,3c,36,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ff,97,0e,84,45,f0,78,29,a1,1a,f8,ec,3c,fc,08,8d,b7,96,59,b5,80,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex
9,2d,0d,df,a5,d0,39,a6,d5,74,21,20,4b,cd,92,3f,42,a4,2d,ef,ac,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,2a,8d,07,35,73,f4,c0,16,7e,9d,78,58,5a,ce,d5,94,0c,..
"khjeh"=hex:f8,00,b1,32,0c,d4,d4,be,0b,53,38,11,09,fb,bd,f1,38,a2,42,3c,36,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ff,97,0e,84,45,f0,78,29,a1,1a,f8,ec,3c,fc,08,8d,b7,96,59,b5,80,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\\Program Files\\WINSOS\\winsos.exe"="C:\\Program Files\\WINSOS\\winsos.exe:*:Enabled:Winsos"
"C:\\Program Files\\WINSOS\\anti-spy.exe"="C:\\Program Files\\WINSOS\\anti-spy.exe:*:Enabled:anti-spy Winsos"
"C:\\Program Files\\WINSOS\\help.exe"="C:\\Program Files\\WINSOS\\help.exe:*:Enabled:Winsos Help"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\eMule\\emule.exe"="D:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Mes documents\\eMule\\emule.exe"="D:\\Mes documents\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"="C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe:*:Enabled:Antivirus Firewall"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"="C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe:*:Enabled:Antivirus Firewall"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Thu 10 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 14 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4633c51c90c17af214c8eeab40b9fcf4\BIT1.tmp"
Sat 5 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1.tmp"
Mon 24 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT3.tmp"
Tue 26 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT3.tmp"
Thu 28 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c4f88f947d390c49edce5fbcc347ee34\BIT2.tmp"
Thu 14 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ff1abc45bb4b51f55d5dd49be852a17a\BIT2.tmp"
Finished!
Yes, I'm carrying on !!!
Here is the Combofix report !!!
ComboFix 08-04-20.5 - Marjolaine 2008-04-22 23:12:59.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.184 [GMT 2:00]
Endroit: C:\Documents and Settings\Marjolaine\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\kiasys.dll
C:\WINDOWS\pack.epk
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ahxujxed.ini
C:\WINDOWS\system32\akfaoytv.ini
C:\WINDOWS\system32\eblhocus.ini
C:\WINDOWS\system32\edqqeoxh.ini
C:\WINDOWS\system32\egewdofc.ini
C:\WINDOWS\system32\eisieafx.ini
C:\WINDOWS\system32\fffywfjg.dll
C:\WINDOWS\system32\hvuebbvm.dll
C:\WINDOWS\system32\ifyaablj.ini
C:\WINDOWS\system32\jjijasus.ini
C:\WINDOWS\system32\kfucalku.ini
C:\WINDOWS\system32\Kjijmnnn.ini
C:\WINDOWS\system32\Kjijmnnn.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\ocjvjije.ini
C:\WINDOWS\system32\pbxuqjjm.dll
C:\WINDOWS\system32\pornchpb.ini
C:\WINDOWS\system32\qjmrvnbm.dll
C:\WINDOWS\system32\rvpvimuj.dll
C:\WINDOWS\system32\syqytqek.ini
C:\WINDOWS\system32\sytftmgy.ini
C:\WINDOWS\system32\tmixrluc.ini
C:\WINDOWS\system32\uftvmdfu.ini
C:\WINDOWS\system32\vookdotf.ini
C:\WINDOWS\system32\vrtfhqvc.ini
C:\WINDOWS\system32\wcejkh.dat
C:\WINDOWS\system32\wcejkh_nav.dat
C:\WINDOWS\system32\wcejkh_navps.dat
C:\WINDOWS\system32\wniteeme.ini
C:\WINDOWS\system32\woyunrom.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_QALWPMDGT
((((((((((((((((((((((((((((( Fichiers créés 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))
.
2008-04-22 20:28 . 2008-04-22 20:28 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-22 19:20 . 2008-04-22 23:01 <REP> d-------- C:\SDFix
2008-04-22 17:26 . 2008-04-22 17:26 <REP> d-------- C:\Program Files\Trend Micro
2008-04-21 16:41 . 2008-04-21 17:32 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-04-20 22:05 . 2008-04-21 17:22 56,320 --a------ C:\WINDOWS\system32\aliceeadsl.exe
2008-04-20 21:51 . 2008-04-20 21:51 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-04-19 14:17 . 2008-04-19 14:17 474,624 --a------ C:\WINDOWS\winvnc.exe
2008-04-19 14:17 . 2008-04-19 14:17 60,928 --a------ C:\WINDOWS\vnchooks.dll
2008-04-18 21:07 . 2008-04-18 21:07 <REP> d-------- C:\Documents and Settings\Marjolaine\Mes documents
2008-04-18 12:50 . 2008-04-18 17:27 <REP> d-------- C:\Documents and Settings\Marjolaine\Contacts
2008-04-18 12:49 . 2008-04-20 21:50 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\F-Secure
2008-04-17 22:09 . 2008-04-17 22:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-15 18:39 . 2008-04-15 18:39 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\ispnews
2008-04-15 18:34 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-04-15 18:34 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-04-15 18:33 . 2008-04-15 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-15 18:30 . 2008-04-15 18:33 <REP> d-------- C:\Program Files\AntivirusFirewall
2008-04-15 18:30 . 2008-04-15 18:30 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-04-15 14:46 . 2008-04-19 14:17 288,376 --a------ C:\WINDOWS\xr4tdwa.exe
2008-04-15 14:46 . 2008-04-15 14:46 65,024 --a------ C:\WINDOWS\bmpl.dll
2008-04-14 22:59 . 2008-04-14 22:59 3,114 --a------ C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
2008-04-14 18:53 . 2008-04-14 18:53 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-04-12 12:50 . 2008-04-15 13:16 <REP> d-------- C:\Program Files\Google
2008-04-11 11:46 . 2007-04-11 21:39 709,135 ---hs---- C:\WINDOWS\system32\hsrpxspr.ini
2008-04-11 00:18 . 2008-04-11 00:18 <REP> d-------- C:\SMRTNTKY
2008-04-11 00:18 . 2004-08-04 00:55 28,672 --a------ C:\setupSNK.exe
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\system32\xircom
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\system32\oobe
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\srchasst
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\peernet
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\Program Files\microsoft frontpage
2008-04-07 11:17 . 2008-04-14 20:27 <REP> d-------- C:\VundoFix Backups
2008-04-07 08:07 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
2008-04-07 08:07 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1
2008-04-07 07:53 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-04-07 07:53 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-04-07 07:53 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-04-06 20:30 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-04-06 20:07 . 2008-04-06 20:40 16 --a------ C:\WINDOWS\system32\coh.cache
2008-04-06 19:26 . 2008-04-14 23:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-05 20:56 . 2008-04-09 11:36 7,300 --a------ C:\Documents and Settings\Marjolaine\Application Data\update.log
2008-04-05 15:18 . 2008-04-22 19:37 109,111 --a------ C:\WINDOWS\BMf39960b2.xml
2008-03-26 22:38 . 2008-03-27 09:12 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\FileZilla
2008-03-26 22:37 . 2008-03-26 22:37 <REP> d-------- C:\Program Files\FileZilla FTP Client
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 19:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-14 21:05 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-14 20:59 --------- d-----w C:\Program Files\Symantec
2008-04-14 16:52 --------- d-----w C:\Program Files\eMule
2008-03-20 19:08 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-20 19:08 --------- d-----w C:\Program Files\AvantGo Connect
2008-03-20 16:48 --------- d-----w C:\Program Files\Common Files
2008-03-16 19:10 --------- d-----w C:\Program Files\DVD Decrypter
2008-03-12 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-26 21:12 --------- d-----w C:\Program Files\Bonjour
2008-02-26 21:03 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-26 16:43 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-22 18:26 --------- d-----w C:\Documents and Settings\Marjolaine\Application Data\DAEMON Tools
2008-02-22 17:52 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-02-22 17:46 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-13 20:21 37,888 ----a-w C:\WINDOWS\system32\rar.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 16:20 401491]
"aliceeadsl"="C:\WINDOWS\system32\aliceeadsl.exe" [2008-04-21 17:22 56320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]
"TrackPointSrv"="tp4serv.exe" [2005-07-13 03:55 94208 C:\WINDOWS\system32\tp4serv.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 08:53 88363 C:\WINDOWS\AGRSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-11-16 21:00 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 03:51 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*aliceeadsl"="C:\WINDOWS\system32\aliceeadsl.exe" [2008-04-21 17:22 56320]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"="cmd.exe" [2004-08-03 23:54 400896 C:\WINDOWS\system32\cmd.exe]
"nlpo_02"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]
"nlpo_03"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Printing Driver"= WinPrint.exe
"NT Security Service"= NTSecurity.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-15 18:31]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-15 18:52]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
R3 PCX504;Cisco Systems Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\PCX504.sys [2004-05-04 12:35]
R3 Tp4Track;PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2005-07-13 03:55]
S3 PAC207;USB PC Cam Plus;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\setupSNK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{b4b4c8d3-87ac-3e5a-738a-c154f40d8901}]
C:\WINDOWS\system32\aliceeadsl.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-17 17:57:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-22 15:19:29 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 23:20:57
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSRW.exe
C:\Program Files\AntivirusFirewall\FWES\program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSAV32.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\FSAW.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-22 23:44:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-22 21:41:11
Pre-Run: 9,073,041,408 octets libres
Post-Run: 9,211,904,000 octets libres
230 --- E O F --- 2008-03-12 02:04:17
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\srchasst
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\peernet
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\Program Files\microsoft frontpage
2008-04-07 11:17 . 2008-04-14 20:27 <REP> d-------- C:\VundoFix Backups
2008-04-07 08:07 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
2008-04-07 08:07 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1
2008-04-07 07:53 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-04-07 07:53 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-04-07 07:53 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-04-06 20:30 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-04-06 20:07 . 2008-04-06 20:40 16 --a------ C:\WINDOWS\system32\coh.cache
2008-04-06 19:26 . 2008-04-14 23:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-05 20:56 . 2008-04-09 11:36 7,300 --a------ C:\Documents and Settings\Marjolaine\Application Data\update.log
2008-04-05 15:18 . 2008-04-22 19:37 109,111 --a------ C:\WINDOWS\BMf39960b2.xml
2008-03-26 22:38 . 2008-03-27 09:12 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\FileZilla
2008-03-26 22:37 . 2008-03-26 22:37 <REP> d-------- C:\Program Files\FileZilla FTP Client
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 19:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-14 21:05 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-14 20:59 --------- d-----w C:\Program Files\Symantec
2008-04-14 16:52 --------- d-----w C:\Program Files\eMule
2008-03-20 19:08 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-20 19:08 --------- d-----w C:\Program Files\AvantGo Connect
2008-03-20 16:48 --------- d-----w C:\Program Files\Common Files
2008-03-16 19:10 --------- d-----w C:\Program Files\DVD Decrypter
2008-03-12 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-26 21:12 --------- d-----w C:\Program Files\Bonjour
2008-02-26 21:03 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-26 16:43 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-22 18:26 --------- d-----w C:\Documents and Settings\Marjolaine\Application Data\DAEMON Tools
2008-02-22 17:52 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-02-22 17:46 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-13 20:21 37,888 ----a-w C:\WINDOWS\system32\rar.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 16:20 401491]
"aliceeadsl"="C:\WINDOWS\system32\aliceeadsl.exe" [2008-04-21 17:22 56320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]
"TrackPointSrv"="tp4serv.exe" [2005-07-13 03:55 94208 C:\WINDOWS\system32\tp4serv.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 08:53 88363 C:\WINDOWS\AGRSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-11-16 21:00 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 03:51 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*aliceeadsl"="C:\WINDOWS\system32\aliceeadsl.exe" [2008-04-21 17:22 56320]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"="cmd.exe" [2004-08-03 23:54 400896 C:\WINDOWS\system32\cmd.exe]
"nlpo_02"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]
"nlpo_03"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Printing Driver"= WinPrint.exe
"NT Security Service"= NTSecurity.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-15 18:31]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-15 18:52]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
R3 PCX504;Cisco Systems Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\PCX504.sys [2004-05-04 12:35]
R3 Tp4Track;PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2005-07-13 03:55]
S3 PAC207;USB PC Cam Plus;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\setupSNK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{b4b4c8d3-87ac-3e5a-738a-c154f40d8901}]
C:\WINDOWS\system32\aliceeadsl.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-17 17:57:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-22 15:19:29 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 23:20:57
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSRW.exe
C:\Program Files\AntivirusFirewall\FWES\program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSAV32.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\FSAW.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-22 23:44:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-22 21:41:11
Pre-Run: 9,073,041,408 octets libres
Post-Run: 9,211,904,000 octets libres
230 --- E O F --- 2008-03-12 02:04:17
Re,
There's still some left.
Do this as a check.
Download Navilog (by Il-Mafioso)
Save it to your Desktop.
Install it by double-clicking navilog.exe.
Once the installation is finished, the utility will run automatically.
(If it doesn't, double-click the shortcut on the Desktop)
Once the installation is finished, right-click the navilog1 shortcut and choose "Run as administrator". (For Vista)
Let the utility guide you. Choose option 1, then confirm.
! Do not use options 2, 3 and 4 without our approval !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as prompted. Notepad will open. Post the report here.
The report is located here: C:\fixnavi.txt
If you have Vista, do this first:
Disable UAC (Start menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ untick the box Use User Account Control ... and confirm with OK; you will be asked to restart, do so)
Here is the report!!!!
Search Navipromo version 3.5.4 commencé le 23/04/2008 à 17:22:54,52
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Marjolaine"
Mise à jour le 15.04.2008 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\APPLIC~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Marjolaine\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Marjolaine\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Marjolaine\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Marjolaine\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
aliceeadsl.exe trouvé !
* Dans "C:\Documents and Settings\Marjolaine\locals~1\applic~1" :
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 23/04/2008 à 17:30:16,90 ***
Yes, I'm carrying on!!!
Here is the ComboFix report!!!
ComboFix 08-04-20.5 - Marjolaine 2008-04-22 23:12:59.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.184 [GMT 2:00]
Endroit: C:\Documents and Settings\Marjolaine\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\kiasys.dll
C:\WINDOWS\pack.epk
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ahxujxed.ini
C:\WINDOWS\system32\akfaoytv.ini
C:\WINDOWS\system32\eblhocus.ini
C:\WINDOWS\system32\edqqeoxh.ini
C:\WINDOWS\system32\egewdofc.ini
C:\WINDOWS\system32\eisieafx.ini
C:\WINDOWS\system32\fffywfjg.dll
C:\WINDOWS\system32\hvuebbvm.dll
C:\WINDOWS\system32\ifyaablj.ini
C:\WINDOWS\system32\jjijasus.ini
C:\WINDOWS\system32\kfucalku.ini
C:\WINDOWS\system32\Kjijmnnn.ini
C:\WINDOWS\system32\Kjijmnnn.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\ocjvjije.ini
C:\WINDOWS\system32\pbxuqjjm.dll
C:\WINDOWS\system32\pornchpb.ini
C:\WINDOWS\system32\qjmrvnbm.dll
C:\WINDOWS\system32\rvpvimuj.dll
C:\WINDOWS\system32\syqytqek.ini
C:\WINDOWS\system32\sytftmgy.ini
C:\WINDOWS\system32\tmixrluc.ini
C:\WINDOWS\system32\uftvmdfu.ini
C:\WINDOWS\system32\vookdotf.ini
C:\WINDOWS\system32\vrtfhqvc.ini
C:\WINDOWS\system32\wcejkh.dat
C:\WINDOWS\system32\wcejkh_nav.dat
C:\WINDOWS\system32\wcejkh_navps.dat
C:\WINDOWS\system32\wniteeme.ini
C:\WINDOWS\system32\woyunrom.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_QALWPMDGT
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))
.
2008-04-22 20:28 . 2008-04-22 20:28 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-22 19:20 . 2008-04-22 23:01 <REP> d-------- C:\SDFix
2008-04-22 17:26 . 2008-04-22 17:26 <REP> d-------- C:\Program Files\Trend Micro
2008-04-21 16:41 . 2008-04-21 17:32 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-04-20 22:05 . 2008-04-21 17:22 56,320 --a------ C:\WINDOWS\system32\aliceeadsl.exe
2008-04-20 21:51 . 2008-04-20 21:51 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-04-19 14:17 . 2008-04-19 14:17 474,624 --a------ C:\WINDOWS\winvnc.exe
2008-04-19 14:17 . 2008-04-19 14:17 60,928 --a------ C:\WINDOWS\vnchooks.dll
2008-04-18 21:07 . 2008-04-18 21:07 <REP> d-------- C:\Documents and Settings\Marjolaine\Mes documents
2008-04-18 12:50 . 2008-04-18 17:27 <REP> d-------- C:\Documents and Settings\Marjolaine\Contacts
2008-04-18 12:49 . 2008-04-20 21:50 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\F-Secure
2008-04-17 22:09 . 2008-04-17 22:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-15 18:39 . 2008-04-15 18:39 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\ispnews
2008-04-15 18:34 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-04-15 18:34 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-04-15 18:33 . 2008-04-15 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-15 18:30 . 2008-04-15 18:33 <REP> d-------- C:\Program Files\AntivirusFirewall
2008-04-15 18:30 . 2008-04-15 18:30 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-04-15 14:46 . 2008-04-19 14:17 288,376 --a------ C:\WINDOWS\xr4tdwa.exe
2008-04-15 14:46 . 2008-04-15 14:46 65,024 --a------ C:\WINDOWS\bmpl.dll
2008-04-14 22:59 . 2008-04-14 22:59 3,114 --a------ C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
2008-04-14 18:53 . 2008-04-14 18:53 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-04-12 12:50 . 2008-04-15 13:16 <REP> d-------- C:\Program Files\Google
2008-04-11 11:46 . 2007-04-11 21:39 709,135 ---hs---- C:\WINDOWS\system32\hsrpxspr.ini
2008-04-11 00:18 . 2008-04-11 00:18 <REP> d-------- C:\SMRTNTKY
2008-04-11 00:18 . 2004-08-04 00:55 28,672 --a------ C:\setupSNK.exe
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\system32\xircom
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\system32\oobe
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\srchasst
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\peernet
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\Program Files\microsoft frontpage
2008-04-07 11:17 . 2008-04-14 20:27 <REP> d-------- C:\VundoFix Backups
2008-04-07 08:07 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
2008-04-07 08:07 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1
2008-04-07 07:53 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-04-07 07:53 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-04-07 07:53 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-04-06 20:30 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-04-06 20:07 . 2008-04-06 20:40 16 --a------ C:\WINDOWS\system32\coh.cache
2008-04-06 19:26 . 2008-04-14 23:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-05 20:56 . 2008-04-09 11:36 7,300 --a------ C:\Documents and Settings\Marjolaine\Application Data\update.log
2008-04-05 15:18 . 2008-04-22 19:37 109,111 --a------ C:\WINDOWS\BMf39960b2.xml
2008-03-26 22:38 . 2008-03-27 09:12 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\FileZilla
2008-03-26 22:37 . 2008-03-26 22:37 <REP> d-------- C:\Program Files\FileZilla FTP Client
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 19:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-14 21:05 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-14 20:59 --------- d-----w C:\Program Files\Symantec
2008-04-14 16:52 --------- d-----w C:\Program Files\eMule
2008-03-20 19:08 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-20 19:08 --------- d-----w C:\Program Files\AvantGo Connect
2008-03-20 16:48 --------- d-----w C:\Program Files\Common Files
2008-03-16 19:10 --------- d-----w C:\Program Files\DVD Decrypter
2008-03-12 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-26 21:12 --------- d-----w C:\Program Files\Bonjour
2008-02-26 21:03 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-26 16:43 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-22 18:26 --------- d-----w C:\Documents and Settings\Marjolaine\Application Data\DAEMON Tools
2008-02-22 17:52 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-02-22 17:46 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-13 20:21 37,888 ----a-w C:\WINDOWS\system32\rar.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 16:20 401491]
"aliceeadsl"="C:\WINDOWS\system32\aliceeadsl.exe" [2008-04-21 17:22 56320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]
"TrackPointSrv"="tp4serv.exe" [2005-07-13 03:55 94208 C:\WINDOWS\system32\tp4serv.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 08:53 88363 C:\WINDOWS\AGRSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-11-16 21:00 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 03:51 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*aliceeadsl"="C:\WINDOWS\system32\aliceeadsl.exe" [2008-04-21 17:22 56320]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"="cmd.exe" [2004-08-03 23:54 400896 C:\WINDOWS\system32\cmd.exe]
"nlpo_02"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]
"nlpo_03"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Printing Driver"= WinPrint.exe
"NT Security Service"= NTSecurity.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-15 18:31]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-15 18:52]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
R3 PCX504;Cisco Systems Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\PCX504.sys [2004-05-04 12:35]
R3 Tp4Track;PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2005-07-13 03:55]
S3 PAC207;USB PC Cam Plus;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\setupSNK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{b4b4c8d3-87ac-3e5a-738a-c154f40d8901}]
C:\WINDOWS\system32\aliceeadsl.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-17 17:57:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-22 15:19:29 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 23:20:57
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSRW.exe
C:\Program Files\AntivirusFirewall\FWES\program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSAV32.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\FSAW.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-22 23:44:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-22 21:41:11
Pre-Run: 9,073,041,408 octets libres
Post-Run: 9,211,904,000 octets libres
230 --- E O F --- 2008-03-12 02:04:17
YOU THEN ASKED ME TO RUN NAVILOG !!!! SO HERE IS THE LATEST REPORT !!!
Here is the report !!!!
Search Navipromo version 3.5.4 commencé le 23/04/2008 à 17:22:54,52
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Marjolaine"
Mise à jour le 15.04.2008 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\APPLIC~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Marjolaine\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Marjolaine\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Marjolaine\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Marjolaine\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
aliceeadsl.exe trouvé !
* Dans "C:\Documents and Settings\Marjolaine\locals~1\applic~1" :
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 23/04/2008 à 17:30:16,90 ***
ComboFix 08-04-20.5 - Marjolaine 2008-04-25 19:02:26.2 - NTFSx86
Endroit: C:\Documents and Settings\Marjolaine\Bureau\ComboFix.exe
* Resident AV is active
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-25 to 2008-04-25 ))))))))))))))))))))))))))))))))))))
.
2008-04-23 17:21 . 2008-04-23 17:47 <REP> d-------- C:\Program Files\Navilog1
2008-04-22 20:28 . 2008-04-22 20:28 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-22 19:20 . 2008-04-22 23:01 <REP> d-------- C:\SDFix
2008-04-22 17:26 . 2008-04-22 17:26 <REP> d-------- C:\Program Files\Trend Micro
2008-04-21 16:41 . 2008-04-21 17:32 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-04-20 22:05 . 2008-04-21 17:22 56,320 --a------ C:\WINDOWS\system32\aliceeadsl.exe
2008-04-20 21:51 . 2008-04-20 21:51 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-04-19 14:17 . 2008-04-19 14:17 474,624 --a------ C:\WINDOWS\winvnc.exe
2008-04-19 14:17 . 2008-04-19 14:17 60,928 --a------ C:\WINDOWS\vnchooks.dll
2008-04-18 21:07 . 2008-04-18 21:07 <REP> d-------- C:\Documents and Settings\Marjolaine\Mes documents
2008-04-18 12:50 . 2008-04-18 17:27 <REP> d-------- C:\Documents and Settings\Marjolaine\Contacts
2008-04-18 12:49 . 2008-04-20 21:50 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\F-Secure
2008-04-17 22:09 . 2008-04-17 22:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-15 18:39 . 2008-04-15 18:39 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\ispnews
2008-04-15 18:34 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-04-15 18:34 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-04-15 18:33 . 2008-04-15 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-15 18:30 . 2008-04-15 18:33 <REP> d-------- C:\Program Files\AntivirusFirewall
2008-04-15 18:30 . 2008-04-15 18:30 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-04-15 14:46 . 2008-04-19 14:17 288,376 --a------ C:\WINDOWS\xr4tdwa.exe
2008-04-15 14:46 . 2008-04-15 14:46 65,024 --a------ C:\WINDOWS\bmpl.dll
2008-04-14 22:59 . 2008-04-14 22:59 3,114 --a------ C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
2008-04-14 18:53 . 2008-04-14 18:53 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-04-12 12:50 . 2008-04-15 13:16 <REP> d-------- C:\Program Files\Google
2008-04-11 11:46 . 2007-04-11 21:39 709,135 ---hs---- C:\WINDOWS\system32\hsrpxspr.ini
2008-04-11 00:18 . 2008-04-11 00:18 <REP> d-------- C:\SMRTNTKY
2008-04-11 00:18 . 2004-08-04 00:55 28,672 --a------ C:\setupSNK.exe
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\system32\xircom
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\system32\oobe
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\srchasst
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\peernet
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\Program Files\microsoft frontpage
2008-04-07 11:17 . 2008-04-14 20:27 <REP> d-------- C:\VundoFix Backups
2008-04-07 08:07 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
2008-04-07 08:07 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1
2008-04-07 07:53 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-04-07 07:53 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-04-07 07:53 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-04-06 20:30 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-04-06 20:07 . 2008-04-06 20:40 16 --a------ C:\WINDOWS\system32\coh.cache
2008-04-06 19:26 . 2008-04-14 23:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-05 20:56 . 2008-04-09 11:36 7,300 --a------ C:\Documents and Settings\Marjolaine\Application Data\update.log
2008-04-05 15:18 . 2008-04-22 19:37 109,111 --a------ C:\WINDOWS\BMf39960b2.xml
2008-03-26 22:38 . 2008-03-27 09:12 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\FileZilla
2008-03-26 22:37 . 2008-03-26 22:37 <REP> d-------- C:\Program Files\FileZilla FTP Client
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 19:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-14 21:05 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-14 20:59 --------- d-----w C:\Program Files\Symantec
2008-04-14 16:52 --------- d-----w C:\Program Files\eMule
2008-03-20 19:08 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-20 19:08 --------- d-----w C:\Program Files\AvantGo Connect
2008-03-20 16:48 --------- d-----w C:\Program Files\Common Files
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\DllCache\win32k.sys
2008-03-16 19:10 --------- d-----w C:\Program Files\DVD Decrypter
2008-03-12 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-26 21:12 --------- d-----w C:\Program Files\Bonjour
2008-02-26 21:03 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-26 16:43 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\DllCache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\DllCache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\DllCache\dnsapi.dll
2008-02-16 22:32 3,080,704 ----a-w C:\WINDOWS\system32\DllCache\mshtml.dll
2008-02-15 09:23 18,432 ----a-w C:\WINDOWS\system32\DllCache\iedw.exe
2008-02-13 20:21 37,888 ----a-w C:\WINDOWS\system32\rar.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-22_23.39.40.94 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-20 07:56:50 1,846,016 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2007-12-18 14:32:57 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\jscript.dll
+ 2007-12-18 14:32:57 417,792 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\vbscript.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\updspapi.dll
+ 2008-02-20 05:20:23 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:50:24 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2008-02-16 09:31:57 1,024,512 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\browseui.dll
+ 2008-02-16 09:31:57 152,064 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\cdfview.dll
+ 2008-02-16 09:31:58 1,056,768 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\danim.dll
+ 2008-02-16 09:31:58 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtmsft.dll
+ 2008-02-16 09:31:58 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtrans.dll
+ 2008-02-16 09:31:58 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\extmgr.dll
+ 2008-02-15 09:07:53 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iedw.exe
+ 2008-02-16 09:31:58 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iepeers.dll
+ 2008-02-16 09:31:58 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\inseng.dll
+ 2008-02-16 09:31:58 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\jsproxy.dll
+ 2008-02-16 09:31:59 3,087,872 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtml.dll
+ 2008-02-16 09:31:59 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtmled.dll
+ 2008-02-16 09:31:59 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\msrating.dll
+ 2008-02-16 09:31:59 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mstime.dll
+ 2008-02-16 09:31:59 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\pngfilt.dll
+ 2008-02-16 09:32:00 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shdocvw.dll
+ 2008-02-16 09:32:00 474,624 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shlwapi.dll
+ 2008-02-15 23:03:14 370,176 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\spru040c.dll
+ 2008-02-16 09:32:00 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\urlmon.dll
+ 2008-02-16 09:32:00 670,208 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB947864\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB947864\spuninst.exe
- 2007-04-13 01:21:16 326,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2007-10-23 23:47:40 348,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2005-09-23 05:28:56 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2007-10-23 23:47:40 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
- 2007-04-13 01:21:16 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2007-10-23 23:47:40 4,444,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2007-04-13 01:21:16 102,912 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2007-10-23 23:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
- 2005-09-23 05:29:00 330,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2007-10-23 23:47:44 340,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
- 2005-09-23 05:28:56 67,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2007-10-23 23:47:40 77,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
- 2005-09-23 05:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2007-10-23 23:47:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
- 2007-04-13 01:21:18 227,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2007-10-23 23:47:40 242,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
- 2007-04-13 01:21:18 68,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2007-10-23 23:47:40 70,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- 2005-09-23 05:28:56 10,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2007-10-23 23:47:40 19,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
- 2007-04-13 01:21:12 5,634,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2007-10-23 23:47:36 5,814,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2005-09-23 05:29:00 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2007-10-23 23:47:44 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
- 2007-04-13 01:21:16 99,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2007-10-23 23:47:40 101,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
- 2007-04-13 01:21:18 15,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2007-10-23 23:47:40 24,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
- 2005-09-23 05:28:56 78,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2007-10-23 23:47:40 89,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
- 2007-04-13 01:21:12 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2007-10-23 23:47:36 144,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
- 2005-09-23 05:28:56 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2007-10-23 23:47:40 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2005-09-23 05:28:56 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2007-10-23 23:47:40 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 05:29:02 59,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2007-10-23 23:47:46 61,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
- 2005-09-23 05:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2007-10-23 23:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
- 2005-09-23 05:28:56 107,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2007-10-23 23:47:40 119,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
- 2005-09-23 05:29:00 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2007-10-23 23:47:44 95,232 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
- 2007-04-13 01:21:18 382,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2007-10-23 23:47:40 392,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2007-04-13 01:21:18 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2007-10-23 23:47:40 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2007-04-13 01:21:18 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2007-10-23 23:47:42 425,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2005-09-23 05:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2007-10-23 23:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2007-04-13 01:21:16 2,902,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2007-10-23 23:47:40 3,036,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
- 2007-04-13 01:21:18 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2007-10-23 23:47:40 483,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
- 2007-04-13 01:21:18 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2007-10-23 23:47:40 741,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
- 2007-04-13 01:20:58 888,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2007-10-23 23:47:28 933,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
- 2007-04-13 01:21:16 5,001,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2007-10-23 23:47:40 5,070,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2005-09-23 05:28:56 397,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2007-10-23 23:47:40 401,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
- 2007-04-13 01:21:18 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2007-10-23 23:47:40 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2007-04-13 01:21:16 2,940,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2007-10-23 23:47:40 3,076,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2005-09-23 05:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2007-10-23 23:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
- 2007-04-13 01:21:16 577,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2007-10-23 23:47:40 630,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2007-04-13 01:21:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
- 2007-04-13 01:21:18 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2007-10-23 23:47:40 57,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2007-04-13 01:21:18 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2007-10-23 23:47:40 113,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2007-04-13 01:21:16 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2007-10-23 23:47:40 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
- 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
- 2007-04-13 01:21:16 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2007-10-23 23:47:40 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2005-09-23 05:28:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2007-10-23 23:47:40 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
- 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 05:28:56 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2007-10-23 23:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2007-04-13 01:21:18 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2007-10-23 23:47:40 261,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2007-04-13 01:21:16 5,156,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2007-10-23 23:47:40 5,431,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2005-09-23 05:28:56 835,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2007-10-23 23:47:40 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
- 2005-09-23 05:28:56 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2007-10-23 23:47:40 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
- 2005-09-23 05:28:56 823,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2007-10-23 23:47:40 839,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
- 2007-04-13 01:21:16 5,152,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2007-10-23 23:47:40 5,013,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2007-04-13 01:21:16 2,027,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2007-10-23 23:47:40 2,068,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
- 2005-09-23 05:28:56 71,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2007-10-23 23:47:40 81,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
- 2007-04-13 01:21:28 1,166,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2007-10-23 23:47:48 1,172,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- 2007-04-13 01:20:50 1,330,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2007-10-23 23:47:20 1,344,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
- 2007-04-13 01:20:52 406,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2007-10-23 23:47:22 434,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2005-09-23 05:28:56 28,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2007-10-23 23:47:40 37,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
- 2007-10-11 06:13:38 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-02-16 09:02:34 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-10-11 06:13:38 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-02-16 09:02:34 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2008-04-20 23:10:00 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-23 23:52:31 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-20 23:10:00 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-04-23 23:52:31 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-04-20 23:10:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-23 23:52:31 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-11 06:13:38 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-02-16 09:02:34 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
- 2005-09-23 05:28:38 83,456 ----a-w C:\WINDOWS\system32\dfshim.dll
+ 2007-10-23 23:47:28 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
- 2007-10-11 06:13:38 1,024,000 ------w C:\WINDOWS\system32\DllCache\browseui.dll
+ 2008-02-16 09:02:34 1,024,000 ------w C:\WINDOWS\system32\DllCache\browseui.dll
- 2007-10-11 06:13:38 152,064 ------w C:\WINDOWS\system32\DllCache\cdfview.dll
+ 2008-02-16 09:02:34 152,064 ------w C:\WINDOWS\system32\DllCache\cdfview.dll
- 2007-10-11 06:13:38 1,056,768 ------w C:\WINDOWS\system32\DllCache\danim.dll
+ 2008-02-16 09:02:34 1,056,768 ------w C:\WINDOWS\system32\DllCache\danim.dll
- 2007-10-11 06:13:39 357,888 ----a-w C:\WINDOWS\system32\DllCache\dxtmsft.dll
+ 2008-02-16 09:02:34 357,888 ----a-w C:\WINDOWS\system32\DllCache\dxtmsft.dll
- 2007-10-11 06:13:39 205,312 ----a-w C:\WINDOWS\system32\DllCache\dxtrans.dll
+ 2008-02-16 09:02:35 205,312 ----a-w C:\WINDOWS\system32\DllCache\dxtrans.dll
- 2007-10-11 06:13:39 55,808 ----a-w C:\WINDOWS\system32\DllCache\extmgr.dll
+ 2008-02-16 09:02:35 55,808 ----a-w C:\WINDOWS\system32\DllCache\extmgr.dll
- 2007-10-11 06:13:39 251,392 ----a-w C:\WINDOWS\system32\DllCache\iepeers.dll
+ 2008-02-16 09:02:35 251,392 ----a-w C:\WINDOWS\system32\DllCache\iepeers.dll
- 2007-10-11 06:13:39 96,768 ----a-w C:\WINDOWS\system32\DllCache\inseng.dll
+ 2008-02-16 09:02:35 96,768 ----a-w C:\WINDOWS\system32\DllCache\inseng.dll
- 2007-11-14 07:28:02 450,560 ----a-w C:\WINDOWS\system32\DllCache\jscript.dll
+ 2007-12-18 14:41:58 450,560 ----a-w C:\WINDOWS\system32\DllCache\jscript.dll
- 2007-10-11 06:13:39 16,384 ----a-w C:\WINDOWS\system32\DllCache\jsproxy.dll
+ 2008-02-16 09:02:35 16,384 ----a-w C:\WINDOWS\system32\DllCache\jsproxy.dll
- 2007-10-11 06:13:40 449,024 ----a-w C:\WINDOWS\system32\DllCache\mshtmled.dll
+ 2008-02-16 09:02:36 449,024 ----a-w C:\WINDOWS\system32\DllCache\mshtmled.dll
- 2007-10-11 06:13:40 146,432 ----a-w C:\WINDOWS\system32\DllCache\msrating.dll
+ 2008-02-16 09:02:37 146,432 ----a-w C:\WINDOWS\system32\DllCache\msrating.dll
- 2007-10-11 06:13:40 532,480 ----a-w C:\WINDOWS\system32\DllCache\mstime.dll
+ 2008-02-16 09:02:37 532,480 ----a-w C:\WINDOWS\system32\DllCache\mstime.dll
- 2007-10-11 06:13:40 39,424 ----a-w C:\WINDOWS\system32\DllCache\pngfilt.dll
+ 2008-02-16 09:02:37 39,424 ----a-w C:\WINDOWS\system32\DllCache\pngfilt.dll
- 2007-10-11 06:13:40 1,495,040 ------w C:\WINDOWS\system32\DllCache\shdocvw.dll
+ 2008-02-16 09:02:38 1,495,040 ------w C:\WINDOWS\system32\DllCache\shdocvw.dll
- 2007-10-11 06:13:41 474,624 ------w C:\WINDOWS\system32\DllCache\shlwapi.dll
+ 2008-02-16 09:02:38 474,624 ------w C:\WINDOWS\system32\DllCache\shlwapi.dll
- 2007-10-11 06:13:41 617,472 ----a-w C:\WINDOWS\system32\DllCache\urlmon.dll
+ 2008-02-16 09:02:39 617,984 ----a-w C:\WINDOWS\system32\DllCache\urlmon.dll
+ 2007-12-18 14:41:59 417,792 ------w C:\WINDOWS\system32\DllCache\vbscript.dll
- 2007-10-11 06:13:41 663,552 ----a-w C:\WINDOWS\system32\DllCache\wininet.dll
+ 2008-02-16 09:02:39 663,552 ----a-w C:\WINDOWS\system32\DllCache\wininet.dll
- 2006-06-26 17:41:32 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:35:05 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2007-10-11 06:13:39 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-02-16 09:02:34 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-10-11 06:13:39 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-02-16 09:02:35 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-10-11 06:13:39 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-02-16 09:02:35 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-04-20 17:34:38 1,539,824 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-23 05:38:54 1,539,824 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-10-11 06:13:39 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-02-16 09:02:35 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-10-11 06:13:39 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-02-16 09:02:35 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-11-14 07:28:02 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:41:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-10-11 06:13:39 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-02-16 09:02:35 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-05 20:56:22 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-04-13 01:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2007-10-23 23:47:38 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
- 2005-09-23 05:28:52 150,016 ----a-w C:\WINDOWS\system32\mscorier.dll
+ 2007-10-23 23:47:38 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
- 2005-09-23 05:28:52 74,240 ----a-w C:\WINDOWS\system32\mscories.dll
+ 2007-10-23 23:47:38 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
- 2007-10-30 10:18:16 3,079,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-02-16 22:32:38 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-10-11 06:13:40 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-02-16 09:02:36 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-10-11 06:13:40 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-02-16 09:02:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-10-11 06:13:40 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-02-16 09:02:37 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2005-09-23 05:29:00 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
+ 2007-10-23 23:47:44 15,360 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
- 2008-04-12 10:54:50 59,774 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-22 22:50:27 60,958 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-12 10:54:50 72,564 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-04-22 22:50:27 74,336 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-04-12 10:54:50 395,534 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-22 22:50:27 400,798 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-04-12 10:54:50 461,642 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-04-22 22:50:27 467,886 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2007-10-11 06:13:40 39,424 ----a-w C:\WINDOWS\sys
Endroit: C:\Documents and Settings\Marjolaine\Bureau\ComboFix.exe
* Resident AV is active
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-25 to 2008-04-25 ))))))))))))))))))))))))))))))))))))
.
2008-04-23 17:21 . 2008-04-23 17:47 <REP> d-------- C:\Program Files\Navilog1
2008-04-22 20:28 . 2008-04-22 20:28 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-22 19:20 . 2008-04-22 23:01 <REP> d-------- C:\SDFix
2008-04-22 17:26 . 2008-04-22 17:26 <REP> d-------- C:\Program Files\Trend Micro
2008-04-21 16:41 . 2008-04-21 17:32 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-04-20 22:05 . 2008-04-21 17:22 56,320 --a------ C:\WINDOWS\system32\aliceeadsl.exe
2008-04-20 21:51 . 2008-04-20 21:51 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-04-19 14:17 . 2008-04-19 14:17 474,624 --a------ C:\WINDOWS\winvnc.exe
2008-04-19 14:17 . 2008-04-19 14:17 60,928 --a------ C:\WINDOWS\vnchooks.dll
2008-04-18 21:07 . 2008-04-18 21:07 <REP> d-------- C:\Documents and Settings\Marjolaine\Mes documents
2008-04-18 12:50 . 2008-04-18 17:27 <REP> d-------- C:\Documents and Settings\Marjolaine\Contacts
2008-04-18 12:49 . 2008-04-20 21:50 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\F-Secure
2008-04-17 22:09 . 2008-04-17 22:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-15 18:39 . 2008-04-15 18:39 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\ispnews
2008-04-15 18:34 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-04-15 18:34 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-04-15 18:33 . 2008-04-15 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-15 18:30 . 2008-04-15 18:33 <REP> d-------- C:\Program Files\AntivirusFirewall
2008-04-15 18:30 . 2008-04-15 18:30 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-04-15 14:46 . 2008-04-19 14:17 288,376 --a------ C:\WINDOWS\xr4tdwa.exe
2008-04-15 14:46 . 2008-04-15 14:46 65,024 --a------ C:\WINDOWS\bmpl.dll
2008-04-14 22:59 . 2008-04-14 22:59 3,114 --a------ C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
2008-04-14 18:53 . 2008-04-14 18:53 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-04-12 12:50 . 2008-04-15 13:16 <REP> d-------- C:\Program Files\Google
2008-04-11 11:46 . 2007-04-11 21:39 709,135 ---hs---- C:\WINDOWS\system32\hsrpxspr.ini
2008-04-11 00:18 . 2008-04-11 00:18 <REP> d-------- C:\SMRTNTKY
2008-04-11 00:18 . 2004-08-04 00:55 28,672 --a------ C:\setupSNK.exe
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\system32\xircom
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\system32\oobe
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\srchasst
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\peernet
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\Program Files\microsoft frontpage
2008-04-07 11:17 . 2008-04-14 20:27 <REP> d-------- C:\VundoFix Backups
2008-04-07 08:07 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
2008-04-07 08:07 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1
2008-04-07 07:53 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-04-07 07:53 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-04-07 07:53 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-04-06 20:30 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-04-06 20:07 . 2008-04-06 20:40 16 --a------ C:\WINDOWS\system32\coh.cache
2008-04-06 19:26 . 2008-04-14 23:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-05 20:56 . 2008-04-09 11:36 7,300 --a------ C:\Documents and Settings\Marjolaine\Application Data\update.log
2008-04-05 15:18 . 2008-04-22 19:37 109,111 --a------ C:\WINDOWS\BMf39960b2.xml
2008-03-26 22:38 . 2008-03-27 09:12 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\FileZilla
2008-03-26 22:37 . 2008-03-26 22:37 <REP> d-------- C:\Program Files\FileZilla FTP Client
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 19:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-14 21:05 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-14 20:59 --------- d-----w C:\Program Files\Symantec
2008-04-14 16:52 --------- d-----w C:\Program Files\eMule
2008-03-20 19:08 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-20 19:08 --------- d-----w C:\Program Files\AvantGo Connect
2008-03-20 16:48 --------- d-----w C:\Program Files\Common Files
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\DllCache\win32k.sys
2008-03-16 19:10 --------- d-----w C:\Program Files\DVD Decrypter
2008-03-12 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-26 21:12 --------- d-----w C:\Program Files\Bonjour
2008-02-26 21:03 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-26 16:43 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\DllCache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\DllCache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\DllCache\dnsapi.dll
2008-02-16 22:32 3,080,704 ----a-w C:\WINDOWS\system32\DllCache\mshtml.dll
2008-02-15 09:23 18,432 ----a-w C:\WINDOWS\system32\DllCache\iedw.exe
2008-02-13 20:21 37,888 ----a-w C:\WINDOWS\system32\rar.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-22_23.39.40.94 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-09-11 21:00:41 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-04-22 22:49:36 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2007-09-11 21:00:35 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-04-22 22:49:23 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2007-09-11 21:00:37 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-04-22 22:49:40 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2007-09-11 21:00:55 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-04-22 22:49:47 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-09-11 21:00:55 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-04-22 22:49:49 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-09-11 21:00:56 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-04-22 22:49:51 6,656 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2007-09-11 21:00:38 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-04-22 22:50:07 348,160 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2007-09-11 21:00:39 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-04-22 22:50:08 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2007-09-11 21:00:40 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-04-22 22:50:10 655,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2007-09-11 21:00:41 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-04-22 22:50:11 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2007-09-11 21:00:38 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-04-22 22:49:52 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2007-09-11 21:01:09 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-04-22 22:49:48 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-09-11 21:01:09 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-04-22 22:49:46 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2007-09-11 21:00:32 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-04-22 22:50:00 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2007-09-11 21:01:08 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-04-22 22:49:45 671,744 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2007-09-11 21:01:10 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-04-22 22:49:14 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2007-09-11 21:00:34 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-04-22 22:50:04 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2007-09-11 21:00:33 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-04-22 22:49:44 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2007-09-11 21:00:34 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-04-22 22:49:43 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2007-09-11 21:01:03 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-04-22 22:49:53 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2007-09-11 21:00:43 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-04-22 22:49:54 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2007-09-11 21:01:03 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-04-22 22:49:24 425,984 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2007-09-11 21:01:01 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-04-22 22:49:28 741,376 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2007-09-11 21:00:36 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-04-22 22:49:29 933,888 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2007-09-11 21:00:53 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-04-22 22:50:13 5,070,848 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2007-09-11 21:00:44 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-04-22 22:50:09 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2007-09-11 21:00:43 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-04-22 22:49:37 401,408 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2007-09-11 21:00:45 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-04-22 22:50:02 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2007-09-11 21:01:05 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-04-22 22:49:15 630,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2007-09-11 21:01:01 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-04-22 22:50:05 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2007-09-11 21:01:06 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-04-22 22:50:01 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2007-09-11 21:01:02 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-04-22 22:49:58 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2007-09-11 21:01:02 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-04-22 22:49:57 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-09-11 21:00:42 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-04-22 22:49:17 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2007-09-11 21:00:45 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-04-22 22:49:18 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2007-09-11 21:01:07 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-04-22 22:49:34 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2007-09-11 21:00:48 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-04-22 22:49:35 90,112 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2007-09-11 21:00:49 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-04-22 22:49:32 839,680 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2007-09-11 21:00:50 5,152,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-04-22 22:49:38 5,013,504 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2007-09-11 21:00:51 2,027,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-04-22 22:49:19 2,068,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2007-09-11 21:01:04 2,940,928 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-04-22 22:49:30 3,076,096 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-04-23 05:48:45 27,136 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll
+ 2008-04-23 05:49:08 884,736 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll
+ 2008-04-23 05:49:14 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll
+ 2008-04-23 05:49:11 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
+ 2008-04-23 05:49:19 876,544 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll
+ 2008-04-23 05:49:24 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll
+ 2008-04-23 05:49:36 1,695,744 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll
+ 2008-04-23 05:49:37 167,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll
+ 2008-04-23 05:49:43 1,740,800 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll
+ 2008-04-22 22:52:31 11,722,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
+ 2008-04-23 05:49:45 1,011,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
+ 2008-04-23 05:41:03 7,049,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll
+ 2008-04-23 05:49:48 1,798,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll
+ 2008-04-23 05:43:03 10,969,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll
+ 2008-04-23 05:49:50 1,224,704 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll
+ 2008-04-23 05:49:52 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll
+ 2008-04-23 05:44:45 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll
+ 2008-04-23 05:43:26 1,667,072 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll
+ 2008-04-23 05:49:54 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll
+ 2008-04-23 05:49:54 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll
+ 2008-04-23 05:49:56 733,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll
+ 2008-04-23 05:49:57 233,472 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll
+ 2008-04-23 05:49:58 679,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll
+ 2008-04-23 05:50:23 2,342,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll
+ 2008-04-23 05:50:24 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll
+ 2008-04-23 05:50:28 1,986,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll
+ 2008-04-23 05:50:18 12,509,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
+ 2008-04-23 05:46:04 13,193,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll
+ 2008-04-23 05:47:05 5,771,264 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll
+ 2008-04-23 05:38:42 8,265,728 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
- 2008-04-22 21:18:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-25 16:55:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-03-12 02:02:22 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-04-22 22:45:19 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-03-12 02:02:22 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-04-22 22:45:19 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-03-12 02:02:22 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-04-22 22:45:19 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-03-12 02:02:22 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-04-22 22:45:18 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-12 02:02:22 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-04-22 22:45:19 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-03-12 02:02:22 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-04-22 22:45:19 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-03-12 02:02:22 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-04-22 22:45:20 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-03-12 02:02:22 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-04-22 22:45:20 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-03-12 02:02:22 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-04-22 22:45:19 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-03-12 02:02:22 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-04-22 22:45:19 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-03-12 02:02:22 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-04-22 22:45:20 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-03-12 02:02:22 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-04-22 22:45:18 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-03-12 02:02:22 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-04-22 22:45:18 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2005-09-23 05:28:52 72,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2007-10-23 23:47:38 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
- 2005-09-23 05:28:52 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
+ 2007-10-23 23:47:38 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
- 2005-09-23 05:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2007-10-23 23:47:40 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
- 2005-09-23 05:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2007-10-23 23:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
- 2005-09-23 05:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
+ 2007-10-23 23:47:40 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
- 2005-09-23 05:28:52 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2007-10-23 23:47:38 97,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
- 2005-09-23 05:28:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2007-10-23 23:47:26 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
- 2005-09-23 05:28:42 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2007-10-23 23:47:30 145,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
- 2005-09-23 05:28:44 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2007-10-23 23:47:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
- 2005-09-23 05:29:04 183,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2007-10-23 23:47:48 193,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
- 2005-09-23 05:28:28 208,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2007-10-23 23:47:20 218,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
- 2005-09-23 05:28:56 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2007-10-23 23:47:40 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
- 2005-09-23 05:28:58 138,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2007-10-23 23:47:42 147,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
- 2005-09-23 05:28:36 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2007-10-23 23:47:26 99,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2007-04-13 01:21:18 58,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2007-10-23 23:47:42 59,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
- 2005-09-23 05:28:32 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2007-10-23 23:47:22 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
- 2007-04-13 01:20:52 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2007-10-23 23:47:22 22,024 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2007-04-13 01:20:52 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2007-10-23 23:47:22 17,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
- 2007-04-13 01:20:52 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2007-10-23 23:47:22 33,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
- 2007-04-13 01:20:50 75,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2007-10-23 23:47:22 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
- 2005-09-23 05:28:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2007-10-23 23:47:22 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
- 2007-04-13 01:20:52 32,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2007-10-23 23:47:22 32,776 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- 2005-09-23 05:28:32 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2007-10-23 23:47:22 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2007-04-13 01:20:52 33,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2007-10-23 23:47:22 33,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
- 2007-04-13 01:20:52 32,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2007-10-23 23:47:22 33,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2007-04-13 01:20:52 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2007-10-23 23:47:22 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2005-09-23 05:28:56 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2007-10-23 23:47:40 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- 2007-04-13 01:21:16 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2007-10-23 23:47:40 101,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
- 2005-09-23 05:28:42 76,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2007-10-23 23:47:30 80,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
- 2005-09-23 05:28:42 1,144,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2007-10-23 23:47:30 1,162,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
- 2005-09-23 05:28:42 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2007-10-23 23:47:30 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
- 2005-09-23 05:28:58 17,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2007-10-23 23:47:42 27,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2005-09-23 05:28:56 68,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2007-10-23 23:47:40 69,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
- 2005-09-23 05:28:44 31,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2007-10-23 23:47:30 35,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- 2005-09-23 05:28:38 52,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2007-10-23 23:47:28 66,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
- 2007-04-13 01:20:58 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2007-10-23 23:47:28 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2005-09-23 05:29:12 547,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2007-10-23 23:47:54 572,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
- 2005-09-23 05:28:56 788,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2007-10-23 23:47:40 798,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
- 2005-09-23 05:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2007-10-23 23:47:36 18,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
- 2007-04-13 01:21:16 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2007-10-23 23:47:40 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2005-09-23 05:28:56 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2007-10-23 23:47:40 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2005-09-23 05:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2007-10-23 23:47:40 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
- 2005-09-23 05:28:56 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2007-10-23 23:47:40 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
- 2007-04-13 01:21:16 228,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2007-10-23 23:47:40 230,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2007-04-13 01:21:16 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2007-10-23 23:47:40 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2005-09-23 05:28:56 55,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2007-10-23 23:47:40 65,032 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
- 2005-09-23 05:28:56 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2007-10-23 23:47:40 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2005-09-23 05:28:48 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2007-10-23 23:47:34 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2007-04-13 01:21:10 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2007-10-23 23:47:36 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
- 2005-09-23 05:28:48 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2007-10-23 23:47:36 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2007-04-13 01:21:10 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2007-10-23 23:47:36 655,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
- 2005-09-23 05:28:48 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2007-10-23 23:47:36 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
- 2007-04-13 01:21:08 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2007-10-23 23:47:34 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
- 2005-09-23 05:29:10 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2007-10-23 23:47:52 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2005-09-23 05:29:10 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2007-10-23 23:47:52 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2005-09-23 05:29:08 667,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2007-10-23 23:47:50 671,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
- 2005-09-23 05:28:30 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2007-10-23 23:47:20 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2005-09-23 05:29:10 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2007-10-23 23:47:52 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
- 2005-09-23 05:28:30 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2007-10-23 23:47:20 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 05:28:30 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2007-10-23 23:47:20 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2005-09-23 05:28:30 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2007-10-23 23:47:20 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2007-04-13 01:20:52 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2007-10-23 23:47:22 97,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 05:28:48 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2007-10-23 23:47:36 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2007-04-13 01:21:18 802,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2007-10-23 23:47:40 822,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2005-09-23 05:28:56 73,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2007-10-23 23:47:40 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
- 2005-09-23 05:28:56 288,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2007-10-23 23:47:40 308,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
- 2007-04-13 01:21:16 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2007-10-23 23:47:40 47,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
- 2007-04-13 01:21:16 326,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2007-10-23 23:47:40 348,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2005-09-23 05:28:56 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2007-10-23 23:47:40 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
- 2007-04-13 01:21:16 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2007-10-23 23:47:40 4,444,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2007-04-13 01:21:16 102,912 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2007-10-23 23:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
- 2005-09-23 05:29:00 330,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2007-10-23 23:47:44 340,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
- 2005-09-23 05:28:56 67,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2007-10-23 23:47:40 77,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
- 2005-09-23 05:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2007-10-23 23:47:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
- 2007-04-13 01:21:18 227,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2007-10-23 23:47:40 242,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
- 2007-04-13 01:21:18 68,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2007-10-23 23:47:40 70,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- 2005-09-23 05:28:56 10,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2007-10-23 23:47:40 19,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
- 2007-04-13 01:21:12 5,634,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2007-10-23 23:47:36 5,814,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2005-09-23 05:29:00 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2007-10-23 23:47:44 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
- 2007-04-13 01:21:16 99,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2007-10-23 23:47:40 101,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
- 2007-04-13 01:21:18 15,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2007-10-23 23:47:40 24,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
- 2005-09-23 05:28:56 78,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2007-10-23 23:47:40 89,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
- 2007-04-13 01:21:12 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2007-10-23 23:47:36 144,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
- 2005-09-23 05:28:56 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2007-10-23 23:47:40 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2005-09-23 05:28:56 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2007-10-23 23:47:40 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 05:29:02 59,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2007-10-23 23:47:46 61,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
- 2005-09-23 05:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2007-10-23 23:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
- 2005-09-23 05:28:56 107,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2007-10-23 23:47:40 119,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
- 2005-09-23 05:29:00 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2007-10-23 23:47:44 95,232 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
- 2007-04-13 01:21:18 382,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2007-10-23 23:47:40 392,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2007-04-13 01:21:18 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2007-10-23 23:47:40 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2007-04-13 01:21:18 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2007-10-23 23:47:42 425,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2005-09-23 05:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2007-10-23 23:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2007-04-13 01:21:16 2,902,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2007-10-23 23:47:40 3,036,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
- 2007-04-13 01:21:18 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2007-10-23 23:47:40 483,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
- 2007-04-13 01:21:18 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2007-10-23 23:47:40 741,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
- 2007-04-13 01:20:58 888,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2007-10-23 23:47:28 933,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
- 2007-04-13 01:21:16 5,001,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2007-10-23 23:47:40 5,070,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2005-09-23 05:28:56 397,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2007-10-23 23:47:40 401,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
- 2007-04-13 01:21:18 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2007-10-23 23:47:40 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2007-04-13 01:21:16 2,940,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2007-10-23 23:47:40 3,076,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2005-09-23 05:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2007-10-23 23:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
- 2007-04-13 01:21:16 577,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2007-10-23 23:47:40 630,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2007-04-13 01:21:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
- 2007-04-13 01:21:18 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2007-10-23 23:47:40 57,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2007-04-13 01:21:18 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2007-10-23 23:47:40 113,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2007-04-13 01:21:16 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2007-10-23 23:47:40 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
- 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
- 2007-04-13 01:21:16 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2007-10-23 23:47:40 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2005-09-23 05:28:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2007-10-23 23:47:40 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
- 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 05:28:56 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2007-10-23 23:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2007-04-13 01:21:18 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2007-10-23 23:47:40 261,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2007-04-13 01:21:16 5,156,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2007-10-23 23:47:40 5,431,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2005-09-23 05:28:56 835,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2007-10-23 23:47:40 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
- 2005-09-23 05:28:56 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2007-10-23 23:47:40 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
- 2005-09-23 05:28:56 823,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2007-10-23 23:47:40 839,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
- 2007-04-13 01:21:16 5,152,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2007-10-23 23:47:40 5,013,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2007-04-13 01:21:16 2,027,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2007-10-23 23:47:40 2,068,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
- 2005-09-23 05:28:56 71,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2007-10-23 23:47:40 81,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
- 2007-04-13 01:21:28 1,166,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2007-10-23 23:47:48 1,172,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- 2007-04-13 01:20:50 1,330,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2007-10-23 23:47:20 1,344,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
- 2007-04-13 01:20:52 406,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2007-10-23 23:47:22 434,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2005-09-23 05:28:56 28,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2007-10-23 23:47:40 37,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
- 2007-10-11 06:13:38 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-02-16 09:02:34 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-10-11 06:13:38 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-02-16 09:02:34 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2008-04-20 23:10:00 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-23 23:52:31 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-20 23:10:00 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-04-23 23:52:31 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-04-20 23:10:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-23 23:52:31 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-11 06:13:38 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-02-16 09:02:34 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
- 2005-09-23 05:28:38 83,456 ----a-w C:\WINDOWS\system32\dfshim.dll
+ 2007-10-23 23:47:28 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
- 2007-10-11 06:13:38 1,024,000 ------w C:\WINDOWS\system32\DllCache\browseui.dll
+ 2008-02-16 09:02:34 1,024,000 ------w C:\WINDOWS\system32\DllCache\browseui.dll
- 2007-10-11 06:13:38 152,064 ------w C:\WINDOWS\system32\DllCache\cdfview.dll
+ 2008-02-16 09:02:34 152,064 ------w C:\WINDOWS\system32\DllCache\cdfview.dll
- 2007-10-11 06:13:38 1,056,768 ------w C:\WINDOWS\system32\DllCache\danim.dll
+ 2008-02-16 09:02:34 1,056,768 ------w C:\WINDOWS\system32\DllCache\danim.dll
- 2007-10-11 06:13:39 357,888 ----a-w C:\WINDOWS\system32\DllCache\dxtmsft.dll
+ 2008-02-16 09:02:34 357,888 ----a-w C:\WINDOWS\system32\DllCache\dxtmsft.dll
- 2007-10-11 06:13:39 205,312 ----a-w C:\WINDOWS\system32\DllCache\dxtrans.dll
+ 2008-02-16 09:02:35 205,312 ----a-w C:\WINDOWS\system32\DllCache\dxtrans.dll
- 2007-10-11 06:13:39 55,808 ----a-w C:\WINDOWS\system32\DllCache\extmgr.dll
+ 2008-02-16 09:02:35 55,808 ----a-w C:\WINDOWS\system32\DllCache\extmgr.dll
- 2007-10-11 06:13:39 251,392 ----a-w C:\WINDOWS\system32\DllCache\iepeers.dll
+ 2008-02-16 09:02:35 251,392 ----a-w C:\WINDOWS\system32\DllCache\iepeers.dll
- 2007-10-11 06:13:39 96,768 ----a-w C:\WINDOWS\system32\DllCache\inseng.dll
+ 2008-02-16 09:02:35 96,768 ----a-w C:\WINDOWS\system32\DllCache\inseng.dll
- 2007-11-14 07:28:02 450,560 ----a-w C:\WINDOWS\system32\DllCache\jscript.dll
+ 2007-12-18 14:41:58 450,560 ----a-w C:\WINDOWS\system32\DllCache\jscript.dll
- 2007-10-11 06:13:39 16,384 ----a-w C:\WINDOWS\system32\DllCache\jsproxy.dll
+ 2008-02-16 09:02:35 16,384 ----a-w C:\WINDOWS\system32\DllCache\jsproxy.dll
- 2007-10-11 06:13:40 449,024 ----a-w C:\WINDOWS\system32\DllCache\mshtmled.dll
+ 2008-02-16 09:02:36 449,024 ----a-w C:\WINDOWS\system32\DllCache\mshtmled.dll
- 2007-10-11 06:13:40 146,432 ----a-w C:\WINDOWS\system32\DllCache\msrating.dll
+ 2008-02-16 09:02:37 146,432 ----a-w C:\WINDOWS\system32\DllCache\msrating.dll
- 2007-10-11 06:13:40 532,480 ----a-w C:\WINDOWS\system32\DllCache\mstime.dll
+ 2008-02-16 09:02:37 532,480 ----a-w C:\WINDOWS\system32\DllCache\mstime.dll
- 2007-10-11 06:13:40 39,424 ----a-w C:\WINDOWS\system32\DllCache\pngfilt.dll
+ 2008-02-16 09:02:37 39,424 ----a-w C:\WINDOWS\system32\DllCache\pngfilt.dll
- 2007-10-11 06:13:40 1,495,040 ------w C:\WINDOWS\system32\DllCache\shdocvw.dll
+ 2008-02-16 09:02:38 1,495,040 ------w C:\WINDOWS\system32\DllCache\shdocvw.dll
- 2007-10-11 06:13:41 474,624 ------w C:\WINDOWS\system32\DllCache\shlwapi.dll
+ 2008-02-16 09:02:38 474,624 ------w C:\WINDOWS\system32\DllCache\shlwapi.dll
- 2007-10-11 06:13:41 617,472 ----a-w C:\WINDOWS\system32\DllCache\urlmon.dll
+ 2008-02-16 09:02:39 617,984 ----a-w C:\WINDOWS\system32\DllCache\urlmon.dll
+ 2007-12-18 14:41:59 417,792 ------w C:\WINDOWS\system32\DllCache\vbscript.dll
- 2007-10-11 06:13:41 663,552 ----a-w C:\WINDOWS\system32\DllCache\wininet.dll
+ 2008-02-16 09:02:39 663,552 ----a-w C:\WINDOWS\system32\DllCache\wininet.dll
- 2006-06-26 17:41:32 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:35:05 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2007-10-11 06:13:39 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-02-16 09:02:34 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-10-11 06:13:39 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-02-16 09:02:35 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-10-11 06:13:39 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-02-16 09:02:35 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-04-20 17:34:38 1,539,824 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-23 05:38:54 1,539,824 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-10-11 06:13:39 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-02-16 09:02:35 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-10-11 06:13:39 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-02-16 09:02:35 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-11-14 07:28:02 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:41:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-10-11 06:13:39 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-02-16 09:02:35 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-05 20:56:22 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-04-13 01:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2007-10-23 23:47:38 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
- 2005-09-23 05:28:52 150,016 ----a-w C:\WINDOWS\system32\mscorier.dll
+ 2007-10-23 23:47:38 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
- 2005-09-23 05:28:52 74,240 ----a-w C:\WINDOWS\system32\mscories.dll
+ 2007-10-23 23:47:38 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
- 2007-10-30 10:18:16 3,079,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-02-16 22:32:38 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-10-11 06:13:40 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-02-16 09:02:36 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-10-11 06:13:40 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-02-16 09:02:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-10-11 06:13:40 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-02-16 09:02:37 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2005-09-23 05:29:00 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
+ 2007-10-23 23:47:44 15,360 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
- 2008-04-12 10:54:50 59,774 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-22 22:50:27 60,958 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-12 10:54:50 72,564 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-04-22 22:50:27 74,336 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-04-12 10:54:50 395,534 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-22 22:50:27 400,798 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-04-12 10:54:50 461,642 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-04-22 22:50:27 467,886 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2007-10-11 06:13:40 39,424 ----a-w C:\WINDOWS\sys
Sorry, I didn't notice it was too long!
- 2007-10-11 06:13:40 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-02-16 09:02:37 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-10-11 06:13:40 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-02-16 09:02:38 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-10-11 06:13:41 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-02-16 09:02:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2007-10-11 06:13:41 617,472 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-02-16 09:02:39 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-03 21:54:44 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:41:59 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2007-10-11 06:13:41 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-02-16 09:02:39 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
- 2007-10-29 15:07:16 369,152 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-02-15 23:03:14 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-22 22:49:47 8,192 ----a-w C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2007-10-23 23:47:56 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll
+ 2007-10-23 23:47:56 558,080 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcp80.dll
+ 2007-10-23 23:47:56 635,904 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll
- 2007-09-11 21:00:35 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-04-22 22:50:06 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2007-09-11 21:00:35 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2008-04-22 22:50:06 113,664 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 16:20 401491]
"aliceeadsl"="C:\WINDOWS\system32\aliceeadsl.exe" [2008-04-21 17:22 56320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]
"TrackPointSrv"="tp4serv.exe" [2005-07-13 03:55 94208 C:\WINDOWS\system32\tp4serv.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 08:53 88363 C:\WINDOWS\AGRSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-11-16 21:00 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 03:51 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*aliceeadsl"="C:\WINDOWS\system32\aliceeadsl.exe" [2008-04-21 17:22 56320]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"="cmd.exe" [2004-08-03 23:54 400896 C:\WINDOWS\system32\cmd.exe]
"nlpo_02"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]
"nlpo_03"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Printing Driver"= WinPrint.exe
"NT Security Service"= NTSecurity.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-15 18:31]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-15 18:52]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
R3 PCX504;Cisco Systems Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\PCX504.sys [2004-05-04 12:35]
R3 Tp4Track;PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2005-07-13 03:55]
S3 PAC207;USB PC Cam Plus;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{b4b4c8d3-87ac-3e5a-738a-c154f40d8901}]
C:\WINDOWS\system32\aliceeadsl.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-17 17:57:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-25 01:07:26 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 19:09:17
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
Temps d'accomplissement: 2008-04-25 19:32:44
ComboFix-quarantined-files.txt 2008-04-25 17:30:00
ComboFix2.txt 2008-04-22 21:44:44
Pre-Run: 8,702,775,296 octets libres
Post-Run: 8,810,135,552 octets libres
746 --- E O F --- 2008-04-22 22:52:33
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*aliceeadsl"="C:\WINDOWS\system32\aliceeadsl.exe" [2008-04-21 17:22 56320]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"="cmd.exe" [2004-08-03 23:54 400896 C:\WINDOWS\system32\cmd.exe]
"nlpo_02"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]
"nlpo_03"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Printing Driver"= WinPrint.exe
"NT Security Service"= NTSecurity.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-15 18:31]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-15 18:52]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
R3 PCX504;Cisco Systems Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\PCX504.sys [2004-05-04 12:35]
R3 Tp4Track;PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2005-07-13 03:55]
S3 PAC207;USB PC Cam Plus;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{b4b4c8d3-87ac-3e5a-738a-c154f40d8901}]
C:\WINDOWS\system32\aliceeadsl.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-17 17:57:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-25 01:07:26 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 19:09:17
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
Temps d'accomplissement: 2008-04-25 19:32:44
ComboFix-quarantined-files.txt 2008-04-25 17:30:00
ComboFix2.txt 2008-04-22 21:44:44
Pre-Run: 8,702,775,296 octets libres
Post-Run: 8,810,135,552 octets libres
746 --- E O F --- 2008-04-22 22:52:33
No big deal.
Copy the text in the box below:
File::
C:\WINDOWS\system32\hsrpxspr.ini
C:\WINDOWS\system32\aliceeadsl.exe
Folder::
C:\VundoFix Backups
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Printing Driver"=-
"NT Security Service"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*aliceeadsl"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"QuickTime Task"=-
"Symantec PIF AlertEng"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=-
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"aliceeadsl"=-
Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file as CFScript.txt on your Desktop.
Now drag the CFScript.txt file onto ComboFix.exe as shown below:
This will relaunch ComboFix; press 1, then confirm. After the reboot, post the contents of the ComboFix.txt report.
If there is no reboot, post the report anyway.
*******
Download SDFix (by Andy Manchesta)
Save it to your Desktop.
Run it.
Choose Install so that it can extract itself.
Reboot in Safe Mode
/!\ Never boot into Safe Mode via MSCONFIG /!\
Open the SDFix folder that has just been created in C:\
Double-click RunThis.bat. (The .bat extension may not be shown.)
Press Y to start it.
You will be asked to press a key to reboot; do so.
The reboot will probably take a little longer than usual.
Once your Desktop appears, it will display Finished.
Press a key.
A report is generated; post it in your reply.
It can also be found in the SDFix folder >Report.txt<
******
1) Reboot the PC; it must be in Safe Mode with Networking.
When the computer restarts, once the BIOS has finished loading, a black screen appears briefly > Tap the [F8] and [F5] keys alternately until the Windows Advanced Options menu is displayed.
Select "Safe Mode with Networking" and press the [Enter] key.
Choose your usual account, not Administrator. Illustrated here (it is the second choice) > http://cybersecurite.xooit.com/t88-Demarre...-sans-echec.htm
2) Download Dr.Web CureIt to your Desktop:
Go to this page to download the CureIt.com file > http://www.sendspace.com/file/9nnh7y
To do so, click the link at the bottom of the page >
Download Link: CureIt.com
Double-click the drweb-cureit.com file
If the link does not work: ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
and then click to start the scan.
Click OK at the quick scan prompt. This scan analyses the processes loaded in memory; if it finds infected processes, click the Yes to all button at the prompt.
**Note: a window will open with options to "Order" or "50% discount"; click the "X" to close the window
When the quick scan has finished, click the Options menu >> Change settings;
Choose the "Scanner" tab and untick "Heuristic analysis". Click "OK"
Back in the main window: click the "Complete scan" radio button.
Click the green arrow on the right, and the scan will start.
Click Yes to all at the "Cure?" prompt when a file is detected, then click "Cure".
When the scan has completed, check whether you can click this icon next to the detected files:
If so, click it, then click the "Next" icon below it, and choose Move the unwanted object to quarantine
From the tool's main menu, at the top left, click the File menu and choose Save report
Save the report to your Desktop. It will be named DrWeb.csv
Close Dr.Web CureIt
Reboot your computer (*very important*), because some files may be moved/repaired at reboot.
After the reboot, post (copy/paste) the contents of the Dr.Web report in your next reply.

COMBOFIX REPORT
ComboFix 08-04-20.5 - Marjolaine 2008-04-26 19:49:47.3 - NTFSx86
Endroit: C:\Documents and Settings\Marjolaine\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Marjolaine\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\WINDOWS\system32\aliceeadsl.exe
C:\WINDOWS\system32\hsrpxspr.ini
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\WINDOWS\system32\aliceeadsl.exe
C:\WINDOWS\system32\hsrpxspr.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-26 to 2008-04-26 ))))))))))))))))))))))))))))))))))))
.
2008-04-23 17:21 . 2008-04-23 17:47 <REP> d-------- C:\Program Files\Navilog1
2008-04-22 20:28 . 2008-04-22 20:28 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-22 19:20 . 2008-04-22 23:01 <REP> d-------- C:\SDFix
2008-04-22 17:26 . 2008-04-22 17:26 <REP> d-------- C:\Program Files\Trend Micro
2008-04-21 16:41 . 2008-04-21 17:32 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-04-20 21:51 . 2008-04-20 21:51 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-04-19 14:17 . 2008-04-19 14:17 474,624 --a------ C:\WINDOWS\winvnc.exe
2008-04-19 14:17 . 2008-04-19 14:17 60,928 --a------ C:\WINDOWS\vnchooks.dll
2008-04-18 21:07 . 2008-04-18 21:07 <REP> d-------- C:\Documents and Settings\Marjolaine\Mes documents
2008-04-18 12:50 . 2008-04-18 17:27 <REP> d-------- C:\Documents and Settings\Marjolaine\Contacts
2008-04-18 12:49 . 2008-04-20 21:50 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\F-Secure
2008-04-17 22:09 . 2008-04-17 22:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-15 18:39 . 2008-04-15 18:39 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\ispnews
2008-04-15 18:34 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-04-15 18:34 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-04-15 18:33 . 2008-04-15 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-15 18:30 . 2008-04-15 18:33 <REP> d-------- C:\Program Files\AntivirusFirewall
2008-04-15 18:30 . 2008-04-15 18:30 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-04-15 14:46 . 2008-04-19 14:17 288,376 --a------ C:\WINDOWS\xr4tdwa.exe
2008-04-15 14:46 . 2008-04-15 14:46 65,024 --a------ C:\WINDOWS\bmpl.dll
2008-04-14 22:59 . 2008-04-14 22:59 3,114 --a------ C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
2008-04-14 18:53 . 2008-04-14 18:53 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-04-12 12:50 . 2008-04-15 13:16 <REP> d-------- C:\Program Files\Google
2008-04-11 00:18 . 2008-04-11 00:18 <REP> d-------- C:\SMRTNTKY
2008-04-11 00:18 . 2004-08-04 00:55 28,672 --a------ C:\setupSNK.exe
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\system32\xircom
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\system32\oobe
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\srchasst
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\peernet
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\Program Files\microsoft frontpage
2008-04-07 08:07 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
2008-04-07 08:07 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1
2008-04-07 07:53 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-04-07 07:53 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-04-07 07:53 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-04-06 20:30 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-04-06 20:07 . 2008-04-06 20:40 16 --a------ C:\WINDOWS\system32\coh.cache
2008-04-06 19:26 . 2008-04-14 23:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-05 20:56 . 2008-04-09 11:36 7,300 --a------ C:\Documents and Settings\Marjolaine\Application Data\update.log
2008-04-05 15:18 . 2008-04-22 19:37 109,111 --a------ C:\WINDOWS\BMf39960b2.xml
2008-03-26 22:38 . 2008-03-27 09:12 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\FileZilla
2008-03-26 22:37 . 2008-03-26 22:37 <REP> d-------- C:\Program Files\FileZilla FTP Client
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 19:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-14 21:05 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-14 20:59 --------- d-----w C:\Program Files\Symantec
2008-04-14 16:52 --------- d-----w C:\Program Files\eMule
2008-03-20 19:08 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-20 19:08 --------- d-----w C:\Program Files\AvantGo Connect
2008-03-20 16:48 --------- d-----w C:\Program Files\Common Files
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\DllCache\win32k.sys
2008-03-16 19:10 --------- d-----w C:\Program Files\DVD Decrypter
2008-03-12 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-26 21:12 --------- d-----w C:\Program Files\Bonjour
2008-02-26 21:03 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-26 16:43 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\DllCache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\DllCache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\DllCache\dnsapi.dll
2008-02-16 22:32 3,080,704 ----a-w C:\WINDOWS\system32\DllCache\mshtml.dll
2008-02-15 09:23 18,432 ----a-w C:\WINDOWS\system32\DllCache\iedw.exe
2008-02-13 20:21 37,888 ----a-w C:\WINDOWS\system32\rar.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 16:20 401491]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]
"TrackPointSrv"="tp4serv.exe" [2005-07-13 03:55 94208 C:\WINDOWS\system32\tp4serv.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 08:53 88363 C:\WINDOWS\AGRSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-11-16 21:00 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 03:51 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"="cmd.exe" [2004-08-03 23:54 400896 C:\WINDOWS\system32\cmd.exe]
"nlpo_02"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]
"nlpo_03"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-15 18:31]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-15 18:52]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
R3 PCX504;Cisco Systems Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\PCX504.sys [2004-05-04 12:35]
R3 Tp4Track;PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2005-07-13 03:55]
S3 PAC207;USB PC Cam Plus;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{b4b4c8d3-87ac-3e5a-738a-c154f40d8901}]
C:\WINDOWS\system32\aliceeadsl.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-17 17:57:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-26 00:01:15 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 19:53:58
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
Temps d'accomplissement: 2008-04-26 19:59:13
ComboFix-quarantined-files.txt 2008-04-26 17:58:08
ComboFix2.txt 2008-04-25 17:32:50
ComboFix3.txt 2008-04-22 21:44:44
Pre-Run: 8,751,599,616 octets libres
Post-Run: 8,745,332,736 octets libres
163 --- E O F --- 2008-04-22 22:52:33
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{b4b4c8d3-87ac-3e5a-738a-c154f40d8901}]
C:\WINDOWS\system32\aliceeadsl.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-17 17:57:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-26 00:01:15 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 19:53:58
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
Temps d'accomplissement: 2008-04-26 19:59:13
ComboFix-quarantined-files.txt 2008-04-26 17:58:08
ComboFix2.txt 2008-04-25 17:32:50
ComboFix3.txt 2008-04-22 21:44:44
Pre-Run: 8,751,599,616 octets libres
Post-Run: 8,745,332,736 octets libres
163 --- E O F --- 2008-04-22 22:52:33
DrWEB CUREIT REPORT
Process.exe C:\Program Files\Navilog1 Tool.Prockill Quarantaine.
fffywfjg.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod.based Irréparable.Quarantaine.
hvuebbvm.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod.based Irréparable.Quarantaine.
pbxuqjjm.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod.based Irréparable.Quarantaine.
qjmrvnbm.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod.based Irréparable.Quarantaine.
rvpvimuj.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod.based Irréparable.Quarantaine.
Process.exe C:\SDFix\apps Tool.Prockill Quarantaine.
A0041020.0xe C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP352 Trojan.PWS.LDPinch.3228 Supprimé.
A0043907.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP363 Trojan.Virtumod.346 Supprimé.
A0043943.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP363 Trojan.Virtumod.346 Supprimé.
A0044040.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364 Trojan.Virtumod.346 Supprimé.
A0045037.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364 Trojan.Virtumod.346 Supprimé.
A0045219.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364 Trojan.Virtumod.346 Supprimé.
A0045237.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364 Trojan.Virtumod.346 Supprimé.
A0046347.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364 Trojan.Virtumod.346 Supprimé.
A0046440.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364 Trojan.Virtumod.346 Supprimé.
A0046543.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP365 Trojan.Virtumod.346 Supprimé.
A0046646.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP365 Trojan.Virtumod.346 Supprimé.
A0046662.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP365 Trojan.Virtumod.346 Supprimé.
A0046723.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP365 Trojan.Virtumod.346 Supprimé.
A0046772.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP365 Trojan.Virtumod.346 Supprimé.
A0047853.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366 Trojan.Virtumod.based Irréparable.Quarantaine.
A0047875.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366 Trojan.Virtumod.based Irréparable.Quarantaine.
A0048911.0LL C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366 Trojan.AVKill.408 Supprimé.
A0048925.0LL C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366 Trojan.AVKill.408 Supprimé.
A0048926.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366 Trojan.Virtumod.based Irréparable.Quarantaine.
A0048927.0LL C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366 Trojan.AVKill.408 Supprimé.
A0048928.0LL C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366 Trojan.AVKill.408 Supprimé.
A0048945.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP367 Trojan.Virtumod.based Irréparable.Quarantaine.
A0050043.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP368 Trojan.Virtumod.347 Supprimé.
A0050044.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP368 Trojan.Virtumod.based Irréparable.Quarantaine.
A0050063.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP368 Trojan.Virtumod.based Irréparable.Quarantaine.
A0050065.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP368 Trojan.Virtumod.based Irréparable.Quarantaine.
A0050067.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP368 Trojan.Virtumod.based Irréparable.Quarantaine.
A0050879.exe C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP371 Program.RemoteAdmin Quarantaine.
A0050880.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP371 Program.RemoteAdmin Quarantaine.
A0050966.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP372 Trojan.Virtumod.based Irréparable.Quarantaine.
A0050967.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP372 Trojan.Virtumod.based Irréparable.Quarantaine.
A0055006.exe\data001 C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0055006.exe Program.RemoteAdmin
A0055006.exe\data002 C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0055006.exe Program.RemoteAdmin
A0055006.exe C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373 L'archive contient des éléments infectés Quarantaine.
A0056475.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP374 Trojan.Virtumod.based Irréparable.Quarantaine.
A0056477.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP374 Trojan.Virtumod.based Irréparable.Quarantaine.
A0056478.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP374 Trojan.Virtumod.based Irréparable.Quarantaine.
A0056479.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP374 Trojan.Virtumod.based Irréparable.Quarantaine.
A0056480.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP374 Trojan.Virtumod.based Irréparable.Quarantaine.
A0056481.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP374 Trojan.Virtumod.based Irréparable.Quarantaine.
A0061622.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP376 Trojan.Virtumod.based Irréparable.Quarantaine.
A0061623.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP376 Trojan.Virtumod.based Irréparable.Quarantaine.
A0061624.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP376 Trojan.Virtumod.based Irréparable.Quarantaine.
A0061625.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP376 Trojan.Virtumod.based Irréparable.Quarantaine.
A0061626.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP376 Trojan.Virtumod.based Irréparable.Quarantaine.
A0061663.EXE C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP376 Program.PsExec.170 Quarantaine.
A0063178.exe C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP381 Tool.Prockill Quarantaine.
vnchooks.dll C:\WINDOWS Program.RemoteAdmin Quarantaine.
winvnc.exe C:\WINDOWS Program.RemoteAdmin Quarantaine.
xr4tdwa.exe\data001 C:\WINDOWS\xr4tdwa.exe Program.RemoteAdmin
xr4tdwa.exe\data002 C:\WINDOWS\xr4tdwa.exe Program.RemoteAdmin
xr4tdwa.exe C:\WINDOWS L'archive contient des éléments infectés Quarantaine.
SDFix: Version 1.175
Run by Marjolaine on 26/04/2008 at 20:24
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 20:32:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex
9,2d,0d,df,a5,d0,39,a6,d5,74,21,20,4b,cd,92,3f,42,a4,2d,ef,ac,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,2a,8d,07,35,73,f4,c0,16,7e,9d,78,58,5a,ce,d5,94,0c,..
"khjeh"=hex:f8,00,b1,32,0c,d4,d4,be,0b,53,38,11,09,fb,bd,f1,38,a2,42,3c,36,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ff,97,0e,84,45,f0,78,29,a1,1a,f8,ec,3c,fc,08,8d,b7,96,59,b5,80,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex
9,2d,0d,df,a5,d0,39,a6,d5,74,21,20,4b,cd,92,3f,42,a4,2d,ef,ac,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,2a,8d,07,35,73,f4,c0,16,7e,9d,78,58,5a,ce,d5,94,0c,..
"khjeh"=hex:f8,00,b1,32,0c,d4,d4,be,0b,53,38,11,09,fb,bd,f1,38,a2,42,3c,36,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ff,97,0e,84,45,f0,78,29,a1,1a,f8,ec,3c,fc,08,8d,b7,96,59,b5,80,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"="C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe:*:Enabled:Antivirus Firewall"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"="C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe:*:Enabled:Antivirus Firewall"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Thu 10 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 14 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4633c51c90c17af214c8eeab40b9fcf4\BIT1.tmp"
Mon 24 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT3.tmp"
Tue 26 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT3.tmp"
Thu 28 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c4f88f947d390c49edce5fbcc347ee34\BIT2.tmp"
Thu 14 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ff1abc45bb4b51f55d5dd49be852a17a\BIT2.tmp"
Finished!
Well, my antivirus is still detecting things that it can't delete!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:59, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://messenger.live.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_01] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlpo_01] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.ca...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{121D9ABD-048B-47EE-BD35-3DCCDF8211A8}: NameServer = 192.168.0.254
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SolidWorks Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 12039 bytes
What's the point of me doing the same things 15 times??
COMBOFIX REPORT
ComboFix 08-04-20.5 - Marjolaine 2008-04-27 13:06:43.4 - NTFSx86
Endroit: C:\Documents and Settings\Marjolaine\Bureau\ComboFix.exe
* Resident AV is active
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-27 to 2008-04-27 ))))))))))))))))))))))))))))))))))))
.
2008-04-26 20:51 . 2008-04-26 20:51 <REP> d-------- C:\Documents and Settings\Marjolaine\DoctorWeb
2008-04-23 17:21 . 2008-04-23 17:47 <REP> d-------- C:\Program Files\Navilog1
2008-04-22 20:28 . 2008-04-22 20:28 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-22 19:20 . 2008-04-26 20:36 <REP> d-------- C:\SDFix
2008-04-22 17:26 . 2008-04-22 17:26 <REP> d-------- C:\Program Files\Trend Micro
2008-04-21 16:41 . 2008-04-21 17:32 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-04-20 21:51 . 2008-04-20 21:51 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-04-18 21:07 . 2008-04-18 21:07 <REP> d-------- C:\Documents and Settings\Marjolaine\Mes documents
2008-04-18 12:50 . 2008-04-18 17:27 <REP> d-------- C:\Documents and Settings\Marjolaine\Contacts
2008-04-18 12:49 . 2008-04-20 21:50 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\F-Secure
2008-04-17 22:09 . 2008-04-17 22:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-15 18:39 . 2008-04-15 18:39 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\ispnews
2008-04-15 18:34 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-04-15 18:34 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-04-15 18:33 . 2008-04-15 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-15 18:30 . 2008-04-15 18:33 <REP> d-------- C:\Program Files\AntivirusFirewall
2008-04-15 18:30 . 2008-04-15 18:30 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-04-15 14:46 . 2008-04-15 14:46 65,024 --a------ C:\WINDOWS\bmpl.dll
2008-04-14 22:59 . 2008-04-14 22:59 3,114 --a------ C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
2008-04-14 18:53 . 2008-04-14 18:53 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-04-12 12:50 . 2008-04-15 13:16 <REP> d-------- C:\Program Files\Google
2008-04-11 00:18 . 2008-04-11 00:18 <REP> d-------- C:\SMRTNTKY
2008-04-11 00:18 . 2004-08-04 00:55 28,672 --a------ C:\setupSNK.exe
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\system32\xircom
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\system32\oobe
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\srchasst
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\peernet
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\Program Files\microsoft frontpage
2008-04-07 08:07 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
2008-04-07 08:07 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1
2008-04-07 07:53 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-04-07 07:53 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-04-07 07:53 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-04-06 20:30 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-04-06 20:07 . 2008-04-06 20:40 16 --a------ C:\WINDOWS\system32\coh.cache
2008-04-06 19:26 . 2008-04-14 23:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-05 20:56 . 2008-04-09 11:36 7,300 --a------ C:\Documents and Settings\Marjolaine\Application Data\update.log
2008-04-05 15:18 . 2008-04-22 19:37 109,111 --a------ C:\WINDOWS\BMf39960b2.xml
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 19:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-14 21:05 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-14 20:59 --------- d-----w C:\Program Files\Symantec
2008-04-14 16:52 --------- d-----w C:\Program Files\eMule
2008-03-27 07:12 --------- d-----w C:\Documents and Settings\Marjolaine\Application Data\FileZilla
2008-03-26 20:37 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-03-20 19:08 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-20 19:08 --------- d-----w C:\Program Files\AvantGo Connect
2008-03-20 16:48 --------- d-----w C:\Program Files\Common Files
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\DllCache\win32k.sys
2008-03-16 19:10 --------- d-----w C:\Program Files\DVD Decrypter
2008-03-12 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\DllCache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\DllCache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\DllCache\dnsapi.dll
2008-02-16 22:32 3,080,704 ----a-w C:\WINDOWS\system32\DllCache\mshtml.dll
2008-02-15 09:23 18,432 ----a-w C:\WINDOWS\system32\DllCache\iedw.exe
2008-02-13 20:21 37,888 ----a-w C:\WINDOWS\system32\rar.exe
.
((((((((((((((((((((((((((((( snapshot_2008-04-25_19.25.53,94 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-25 16:55:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-27 09:38:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-21 00:32:39 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-26 03:39:35 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
- 2008-04-22 20:50:58 7,782,400 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-04-26 18:20:56 7,782,400 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2008-04-22 20:50:59 167,936 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-26 18:20:57 167,936 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 16:20 401491]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]
"TrackPointSrv"="tp4serv.exe" [2005-07-13 03:55 94208 C:\WINDOWS\system32\tp4serv.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 08:53 88363 C:\WINDOWS\AGRSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-11-16 21:00 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 03:51 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"="cmd.exe" [2004-08-03 23:54 400896 C:\WINDOWS\system32\cmd.exe]
"nlpo_02"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]
"nlpo_03"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-15 18:31]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-15 18:52]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
R3 PCX504;Cisco Systems Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\PCX504.sys [2004-05-04 12:35]
R3 Tp4Track;PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2005-07-13 03:55]
S3 PAC207;USB PC Cam Plus;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{b4b4c8d3-87ac-3e5a-738a-c154f40d8901}]
C:\WINDOWS\system32\aliceeadsl.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-17 17:57:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-27 09:41:39 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 13:10:26
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-27 13:14:04
ComboFix-quarantined-files.txt 2008-04-27 11:13:38
ComboFix2.txt 2008-04-26 17:59:14
ComboFix3.txt 2008-04-25 17:32:50
ComboFix4.txt 2008-04-22 21:44:44
Pre-Run: 8,821,596,160 octets libres
Post-Run: 8,829,509,632 octets libres
159 --- E O F --- 2008-04-22 22:52:33
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"="cmd.exe" [2004-08-03 23:54 400896 C:\WINDOWS\system32\cmd.exe]
"nlpo_02"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]
"nlpo_03"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-15 18:31]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-15 18:52]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
R3 PCX504;Cisco Systems Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\PCX504.sys [2004-05-04 12:35]
R3 Tp4Track;PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2005-07-13 03:55]
S3 PAC207;USB PC Cam Plus;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{b4b4c8d3-87ac-3e5a-738a-c154f40d8901}]
C:\WINDOWS\system32\aliceeadsl.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-17 17:57:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-27 09:41:39 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 13:10:26
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-27 13:14:04
ComboFix-quarantined-files.txt 2008-04-27 11:13:38
ComboFix2.txt 2008-04-26 17:59:14
ComboFix3.txt 2008-04-25 17:32:50
ComboFix4.txt 2008-04-22 21:44:44
Pre-Run: 8,821,596,160 octets libres
Post-Run: 8,829,509,632 octets libres
159 --- E O F --- 2008-04-22 22:52:33
Can't boot into Safe Mode?
=> Download and run SafebootKeyRepair --> http://download.bleepingcomputer.com/sUBs/SafeBootKeyRe...
Otherwise we'll do an online scan.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 29, 2008 12:54:30 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/04/2008
Kaspersky Anti-Virus database records: 730172
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 82981
Number of viruses found: 8
Number of infected objects: 40
Number of suspicious objects: 0
Duration of the scan process: 02:07:07
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Marjolaine\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0047853.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0047875.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0048926.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0048945.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0050044.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0050063.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0050065.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0050067.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0050879.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0050880.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0050966.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0050967.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0056475.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.nve skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0056477.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0056478.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.nve skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0056479.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0056480.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0056481.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0061622.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0061623.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0061624.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0061625.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0061626.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\fffywfjg.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\hvuebbvm.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\pbxuqjjm.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\qjmrvnbm.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\rvpvimuj.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\Documents and Settings\Marjolaine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Marjolaine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Marjolaine\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Marjolaine\Local Settings\Historique\History.IE5\MSHist012008042920080430\index.dat Object is locked skipped
C:\Documents and Settings\Marjolaine\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Marjolaine\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Marjolaine\NtUser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\AntivirusFirewall\Spam Control\log\fs_sa_log.txt Object is locked skipped
C:\Program Files\Navilog1\reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0045231.exe Infected: not-a-virus:FraudTool.Win32.SpySheriff.aa skipped
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046252.0XE Infected: not-virus:Hoax.Win32.Renos.bmh skipped
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0046796.exe Infected: not-a-virus:FraudTool.Win32.SpySheriff.aa skipped
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0046814.0XE Infected: not-virus:Hoax.Win32.Renos.bmh skipped
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0047850.exe Infected: not-a-virus:FraudTool.Win32.DrAntispy.bp skipped
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP377\A0062102.exe/file10 Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP377\A0062102.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP381\A0064282.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP381\A0064283.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP383\change.log Object is locked skipped
C:\WINDOWS\$_hpcst$.hpc Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, April 30, 2008 7:39:41 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/04/2008
Kaspersky Anti-Virus database records: 731654
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 70426
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:46:57
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Marjolaine\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Marjolaine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Marjolaine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Marjolaine\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Marjolaine\Local Settings\Historique\History.IE5\MSHist012008042920080430\index.dat Object is locked skipped
C:\Documents and Settings\Marjolaine\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Marjolaine\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Marjolaine\NtUser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\AntivirusFirewall\Spam Control\log\fs_sa_log.txt Object is locked skipped
Scan process completed.
KASPERSKY ONLINE SCANNER REPORT
Wednesday, April 30, 2008 7:39:41 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/04/2008
Kaspersky Anti-Virus database records: 731654
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 70426
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:46:57
Infected Object Name / Virus Name / Last Action
Scan process completed.
Re
Download ToolsCleaner2 (by A.Rothstein)
Install it on your Desktop
Click [Recherche] (Search) to start the scan
Click [Supprimer] (Delete) to clean up the tools that were used
Click [Quitter] (Quit),
Post this report ~>C:\TCleaner.txt<~
Keep CCleaner, AVG (or MBAM) and AntiVir if we installed them.
Disable, then re-enable System Restore
Report your infection on Malware Complaints >Tutorial<
Your infection(s): Egdaccess/Magic.control/Navipromo, Vundo
If you cannot find it in the list, post under Autres infections (Other infections),
Bring your computer properly up to date >here<
If that is not already done, make sure Windows Automatic Updates are enabled!
Then have a look at these guides:
- Security/Prevention
- Consequences of multi-protection
- Toolbars: uselessness and slowdowns
Have a good day/evening